diff options
| -rw-r--r-- | pw/Makefile | 3 | ||||
| -rw-r--r-- | pw/cpdir.c | 7 | ||||
| -rw-r--r-- | pw/grupd.c | 4 | ||||
| -rw-r--r-- | pw/psdate.c | 5 | ||||
| -rw-r--r-- | pw/pw.8 | 208 | ||||
| -rw-r--r-- | pw/pw.c | 310 | ||||
| -rw-r--r-- | pw/pw.h | 57 | ||||
| -rw-r--r-- | pw/pw_conf.c | 123 | ||||
| -rw-r--r-- | pw/pw_group.c | 766 | ||||
| -rw-r--r-- | pw/pw_log.c | 2 | ||||
| -rw-r--r-- | pw/pw_nis.c | 2 | ||||
| -rw-r--r-- | pw/pw_user.c | 2259 | ||||
| -rw-r--r-- | pw/pw_utils.c | 99 | ||||
| -rw-r--r-- | pw/pwupd.c | 14 | ||||
| -rw-r--r-- | pw/pwupd.h | 17 | ||||
| -rw-r--r-- | pw/rm_r.c | 9 | ||||
| -rw-r--r-- | pw/strtounum.c | 72 |
17 files changed, 1639 insertions, 2318 deletions
diff --git a/pw/Makefile b/pw/Makefile index f26c9de..c265399 100644 --- a/pw/Makefile +++ b/pw/Makefile @@ -3,8 +3,7 @@ PROG= pw MAN= pw.conf.5 pw.8 SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \ - grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c strtounum.c \ - pw_utils.c + grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c WARNS?= 3 @@ -29,12 +29,17 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include <dirent.h> #include <err.h> #include <errno.h> #include <fcntl.h> +#include <stdio.h> #include <string.h> +#include <stdlib.h> #include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/param.h> +#include <dirent.h> #include "pw.h" #include "pwupd.h" @@ -29,11 +29,13 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include <err.h> #include <grp.h> #include <libutil.h> +#include <err.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <sys/param.h> #include "pwupd.h" diff --git a/pw/psdate.c b/pw/psdate.c index bd2aa15..8e3a951 100644 --- a/pw/psdate.c +++ b/pw/psdate.c @@ -29,11 +29,12 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include <ctype.h> -#include <err.h> +#include <stdio.h> #include <stdlib.h> #include <string.h> +#include <ctype.h> #include <xlocale.h> +#include <err.h> #include "psdate.h" @@ -35,9 +35,11 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar useradd -.Oo Fl n Oc name Oo Fl u Ar uid Oc +.Op name|uid .Op Fl C Ar config .Op Fl q +.Op Fl n Ar name +.Op Fl u Ar uid .Op Fl c Ar comment .Op Fl d Ar dir .Op Fl e Ar date @@ -59,6 +61,7 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar useradd +.Op name|uid .Fl D .Op Fl C Ar config .Op Fl q @@ -78,23 +81,27 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar userdel -.Oo Fl n Oc name|uid | Fl u Ar uid +.Op name|uid +.Op Fl n Ar name +.Op Fl u Ar uid .Op Fl r .Op Fl Y .Nm .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar usermod -.Oo Fl n Oc name|uid Oo Fl u Ar newuid Oc | Fl u Ar uid +.Op name|uid .Op Fl C Ar config .Op Fl q +.Op Fl n Ar name +.Op Fl u Ar uid .Op Fl c Ar comment .Op Fl d Ar dir .Op Fl e Ar date .Op Fl p Ar date .Op Fl g Ar group .Op Fl G Ar grouplist -.Op Fl l Ar newname +.Op Fl l Ar name .Op Fl m .Op Fl M Ar mode .Op Fl k Ar dir @@ -109,7 +116,9 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar usershow -.Oo Fl n Oc name|uid | Fl u Ar uid +.Op name|uid +.Op Fl n Ar name +.Op Fl u Ar uid .Op Fl F .Op Fl P .Op Fl 7 @@ -124,9 +133,11 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupadd -.Oo Fl n Oc name Oo Fl g Ar gid Oc +.Op group|gid .Op Fl C Ar config .Op Fl q +.Op Fl n Ar group +.Op Fl g Ar gid .Op Fl M Ar members .Op Fl o .Op Fl h Ar fd | Fl H Ar fd @@ -137,16 +148,20 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupdel -.Oo Fl n Oc name|gid | Fl g Ar gid +.Op group|gid +.Op Fl n Ar name +.Op Fl g Ar gid .Op Fl Y .Nm .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupmod -.Oo Fl n Oc name|gid Oo Fl g Ar newgid Oc | Fl g Ar gid +.Op group|gid .Op Fl C Ar config .Op Fl q -.Op Fl l Ar newname +.Op Fl n Ar name +.Op Fl g Ar gid +.Op Fl l Ar name .Op Fl M Ar members .Op Fl m Ar newmembers .Op Fl d Ar oldmembers @@ -158,7 +173,9 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupshow -.Oo Fl n Oc name|gid | Fl g Ar gid +.Op group|gid +.Op Fl n Ar name +.Op Fl g Ar gid .Op Fl F .Op Fl P .Op Fl a @@ -172,14 +189,14 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar lock -.Oo Fl n Oc name|uid | Fl u Ar uid +.Op name|uid .Op Fl C Ar config .Op Fl q .Nm .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar unlock -.Oo Fl n Oc name|uid | Fl u Ar uid +.Op name|uid .Op Fl C Ar config .Op Fl q .Sh DESCRIPTION @@ -233,9 +250,8 @@ all mean the same thing.) This flexibility is useful for interactive scripts calling .Nm for user and group database manipulation. -Following these keywords, -the user or group name or numeric id may be optionally specified as an -alternative to using the +Following these keywords, you may optionally specify the user or group name or numeric +id as an alternative to using the .Fl n Ar name , .Fl u Ar uid , .Fl g Ar gid @@ -250,13 +266,12 @@ will operate. Any paths specified will be relative to .Va rootdir . .It Fl V Ar etcdir -Set an alternate location for the password, group, and configuration files. -Can be used to maintain a user/group database in an alternate location. +This flag sets an alternate location for the password, group and configuration files, +and may be used to maintain a user/group database in an alternate location. If this switch is specified, the system .Pa /etc/pw.conf -will not be sourced for default configuration data, -but the file pw.conf in the specified directory will be used instead -.Pq or none, if it does not exist . +will not be sourced for default configuration data, but the file pw.conf in the +specified directory will be used instead (or none, if it does not exist). The .Fl C flag may be used to override this behaviour. @@ -279,8 +294,7 @@ configuration file. .It Fl q Use of this option causes .Nm -to suppress error messages, -which may be useful in interactive environments where it +to suppress error messages, which may be useful in interactive environments where it is preferable to interpret status codes returned by .Nm rather than messing up a carefully formatted display. @@ -324,40 +338,27 @@ and .Ar usermod commands: .Bl -tag -width "-G grouplist" -.It Oo Fl n Oc Ar name -Required unless -.Fl u Ar uid -is given. +.It Fl n Ar name Specify the user/account name. -In the case of -.Ar usermod -can be a uid. .It Fl u Ar uid -Required if -.Ar name -is not given. Specify the user/account numeric id. -In the case of -.Ar usermod -if paired with -.Ar name , -changes the numeric id of the named user/account. .Pp -Usually, only one of these options is required, -as the account name will imply the uid, or vice versa. -However, there are times when both are needed. +Usually, you only need to provide one or the other of these options, as the account +name will imply the uid, or vice versa. +However, there are times when you need to provide both. For example, when changing the uid of an existing user with .Ar usermod , -or overriding the default uid when creating a new account with -.Ar useradd . -To automatically allocate the uid to a new user with +or overriding the default uid when creating a new account. +If you wish +.Nm +to automatically allocate the uid to a new user with .Ar useradd , -then do +then you should .Em not use the .Fl u option. -Either the account or userid can also be provided immediately after the +You may also provide either the account or userid immediately after the .Ar useradd , .Ar userdel , .Ar usermod @@ -371,23 +372,21 @@ options. .El .Bl -tag -width "-G grouplist" .It Fl c Ar comment -This field sets the contents of the passwd GECOS field, -which normally contains up to four comma-separated fields containing the -user's full name, office or location, +This field sets the contents of the passwd GECOS field, which normally contains up +to four comma-separated fields containing the user's full name, office or location, and work and home phone numbers. These sub-fields are used by convention only, however, and are optional. -If this field is to contain spaces, -the comment must be enclosed in double quotes +If this field is to contain spaces, you need to quote the comment itself with double +quotes .Ql \&" . -Avoid using commas in this field as these are used as sub-field separators, -and the colon +Avoid using commas in this field as these are used as sub-field separators, and the +colon .Ql \&: character also cannot be used as this is the field separator for the passwd file itself. .It Fl d Ar dir This option sets the account's home directory. -Normally, -this is only used if the home directory is to be different from the +Normally, you will only use this if the home directory is to be different from the default determined from .Pa /etc/pw.conf - normally @@ -397,15 +396,13 @@ with the account name as a subdirectory. Set the account's expiration date. Format of the date is either a UNIX time in decimal, or a date in .Ql dd-mmm-yy[yy] -format, where dd is the day, -mmm is the month, either in numeric or alphabetic format +format, where dd is the day, mmm is the month, either in numeric or alphabetic format ('Jan', 'Feb', etc) and year is either a two or four digit year. This option also accepts a relative date in the form .Ql \&+n[mhdwoy] where .Ql \&n -is a decimal, -octal (leading 0) or hexadecimal (leading 0x) digit followed by the +is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit followed by the number of Minutes, Hours, Days, Weeks, Months or Years from the current date at which the expiration date is to be set. .It Fl p Ar date @@ -445,8 +442,8 @@ This option instructs to attempt to create the user's home directory. While primarily useful when adding a new account with .Ar useradd , -this may also be of use when moving an existing user's home directory elsewhere -on the file system. +this may also be of use when moving an existing user's home directory elsewhere on +the file system. The new home directory is populated with the contents of the .Ar skeleton directory, which typically contains a set of shell configuration files that the @@ -464,8 +461,7 @@ existing configuration files in the user's home directory are .Em not overwritten from the skeleton files. .Pp -When a user's home directory is created, -it will by default be a subdirectory of the +When a user's home directory is created, it will by default be a subdirectory of the .Ar basehome directory as specified by the .Fl b @@ -603,13 +599,10 @@ The default value for this is but it may be set elsewhere as desired. .It Fl e Ar days Set the default account expiration period in days. -When -.Fl D -is used, the -.Ar days -argument is interpreted differently. -It must be numeric and represents the number of days after creation -that the account expires. +Unlike use without +.Fl D , +the argument must be numeric, which specifies the number of days after creation when +the account is to expire. A value of 0 suppresses automatic calculation of the expiry date. .It Fl p Ar days Set the default password expiration period in days. @@ -622,8 +615,8 @@ with the same name as their login name. If a group is supplied, either its name or uid may be given as an argument. .It Fl G Ar grouplist Set the default groups in which new users are granted membership. -This is a separate set of groups from the primary group. -Avoid nominating the same group as both primary and extra groups. +This is a separate set of groups from the primary group, and you should avoid +nominating the same group as both primary and extra groups. In other words, these extra groups determine membership in groups .Em other than the primary group. @@ -637,8 +630,7 @@ This option sets the default login class for new users. .It Fl k Ar dir Set the default .Em skeleton -directory, -from which prototype shell and other initialization files are copied when +directory, from which prototype shell and other initialization files are copied when .Nm creates a user's home directory. See description of @@ -648,24 +640,22 @@ for naming conventions of these files. .Fl u Ar min , Ns Ar max , .Fl i Ar min , Ns Ar max .Xc -Set the minimum and maximum user and group ids allocated for new -accounts and groups created by +These options set the minimum and maximum user and group ids allocated for new accounts +and groups created by .Nm . The default values for each is 1000 minimum and 32000 maximum. .Ar min and .Ar max -are both numbers, where max must be greater than min, -and both must be between 0 and 32767. -In general, -user and group ids less than 100 are reserved for use by the system, -and numbers greater than 32000 may also be reserved for special purposes -.Pq used by some system daemons . +are both numbers, where max must be greater than min, and both must be between 0 +and 32767. +In general, user and group ids less than 100 are reserved for use by the system, +and numbers greater than 32000 may also be reserved for special purposes (used by +some system daemons). .It Fl w Ar method The .Fl w -option selects the default method used to set passwords for newly created user -accounts. +option sets the default method used to set passwords for newly created user accounts. .Ar method is one of: .Pp @@ -686,11 +676,9 @@ or .Ql \&no methods are the most secure; in the former case, .Nm -generates a password and prints it to stdout, -which is suitable when users are issued passwords rather than being allowed -to select their own -.Pq possibly poorly chosen -password. +generates a password and prints it to stdout, which is suitable where you issue +users with passwords to access their accounts rather than having the user nominate +their own (possibly poorly chosen) password. The .Ql \&no method requires that the superuser use @@ -711,7 +699,7 @@ servers. .Pp The .Ar userdel -command has three distinct options. +command has only three valid options. The .Fl n Ar name and @@ -726,8 +714,7 @@ to remove the user's home directory and all of its contents. The .Nm utility errs on the side of caution when removing files from the system. -Firstly, -it will not do so if the uid of the account being removed is also used by +Firstly, it will not do so if the uid of the account being removed is also used by another account on the system, and the 'home' directory in the password file is a valid path that commences with the character .Ql \&/ . @@ -738,20 +725,20 @@ will be removed. If any additional cleanup work is required, this is left to the administrator. .El .Pp -Mail spool files and crontabs are always removed when an account is deleted as -these are unconditionally attached to the user name. +Mail spool files and crontabs are always removed when an account is deleted as these +are unconditionally attached to the user name. Jobs queued for processing by .Ar at -are also removed if the user's uid is unique and not also used by another -account on the system. +are also removed if the user's uid is unique and not also used by another account on the +system. .Pp The .Ar usermod command adds one additional option: .Bl -tag -width "-G grouplist" -.It Fl l Ar newname +.It Fl l Ar name This option allows changing of an existing account name to -.Ql \&newname . +.Ql \&name . The new name must not already exist, and any attempt to duplicate an existing account name will be rejected. .El @@ -795,24 +782,10 @@ options (explained at the start of the previous section) are available with the group manipulation commands. Other common options to all group-related commands are: .Bl -tag -width "-m newmembers" -.It Oo Fl n Oc Ar name -Required unless -.Fl g Ar gid -is given. +.It Fl n Ar name Specify the group name. -In the case of -.Ar groupmod -can be a gid. .It Fl g Ar gid -Required if -.Ar name -is not given. Specify the group numeric id. -In the case of -.Ar groupmod -if paired with -.Ar name , -changes the numeric id of the named group. .Pp As with the account name and id fields, you will usually only need to supply one of these, as the group name implies the uid and vice @@ -849,19 +822,18 @@ silently eliminated. also has a .Fl o option that allows allocation of an existing group id to a new group. -The default action is to reject an attempt to add a group, -and this option overrides the check for duplicate group ids. +The default action is to reject an attempt to add a group, and this option overrides +the check for duplicate group ids. There is rarely any need to duplicate a group id. .Pp The .Ar groupmod command adds one additional option: .Bl -tag -width "-m newmembers" -.It Fl l Ar newname +.It Fl l Ar name This option allows changing of an existing group name to -.Ql \&newname . -The new name must not already exist, -and any attempt to duplicate an existing group +.Ql \&name . +The new name must not already exist, and any attempt to duplicate an existing group name will be rejected. .El .Pp @@ -32,12 +32,14 @@ static const char rcsid[] = #include <err.h> #include <fcntl.h> #include <locale.h> -#include <string.h> -#include <sysexits.h> -#include <unistd.h> - +#include <paths.h> +#include <stdbool.h> +#include <sys/wait.h> #include "pw.h" +#if !defined(_PATH_YP) +#define _PATH_YP "/var/yp/" +#endif const char *Modes[] = { "add", "del", "mod", "show", "next", NULL}; @@ -83,39 +85,55 @@ struct pwf VPWF = vgetgrnam, }; -static int (*cmdfunc[W_NUM][M_NUM])(int argc, char **argv, char *_name) = { - { /* user */ - pw_user_add, - pw_user_del, - pw_user_mod, - pw_user_show, - pw_user_next, - pw_user_lock, - pw_user_unlock, - }, - { /* group */ - pw_group_add, - pw_group_del, - pw_group_mod, - pw_group_show, - pw_group_next, - } -}; - struct pwconf conf; -static int getindex(const char *words[], const char *word); -static void cmdhelp(int mode, int which); +static struct cargs arglist; + +static int getindex(const char *words[], const char *word); +static void cmdhelp(int mode, int which); + int main(int argc, char *argv[]) { - int mode = -1, which = -1, tmp; + int ch; + int mode = -1; + int which = -1; + long id = -1; + char *config = NULL; struct stat st; - char arg, *arg1; + const char *errstr; + char arg, *name; bool relocated, nis; - arg1 = NULL; + static const char *opts[W_NUM][M_NUM] = + { + { /* user */ + "R:V:C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y", + "R:V:C:qn:u:rY", + "R:V:C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:FNPY", + "R:V:C:qn:u:FPa7", + "R:V:C:q", + "R:V:C:q", + "R:V:C:q" + }, + { /* grp */ + "R:V:C:qn:g:h:H:M:opNPY", + "R:V:C:qn:g:Y", + "R:V:C:qn:d:g:l:h:H:FM:m:NPY", + "R:V:C:qn:g:FPa", + "R:V:C:q" + } + }; + + static int (*funcs[W_NUM]) (int _mode, char *_name, long _id, + struct cargs * _args) = + { /* Request handlers */ + pw_user, + pw_group + }; + + name = NULL; relocated = nis = false; memset(&conf, 0, sizeof(conf)); strlcpy(conf.rootdir, "/", sizeof(conf.rootdir)); @@ -123,13 +141,17 @@ main(int argc, char *argv[]) conf.fd = -1; conf.checkduplicate = true; - setlocale(LC_ALL, ""); + LIST_INIT(&arglist); + + (void)setlocale(LC_ALL, ""); /* * Break off the first couple of words to determine what exactly * we're being asked to do */ while (argc > 1) { + int tmp; + if (*argv[1] == '-') { /* * Special case, allow pw -V<dir> <operation> [args] for scripts etc. @@ -175,9 +197,15 @@ main(int argc, char *argv[]) mode = tmp % M_NUM; } else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL) cmdhelp(mode, which); - else if (which != -1 && mode != -1) - arg1 = argv[1]; - else + else if (which != -1 && mode != -1) { + if (strspn(argv[1], "0123456789") == strlen(argv[1])) { + id = strtonum(argv[1], 0, LONG_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad id '%s': %s", + argv[1], errstr); + } else + name = argv[1]; + } else errx(EX_USAGE, "unknown keyword `%s'", argv[1]); ++argv; --argc; @@ -192,22 +220,200 @@ main(int argc, char *argv[]) conf.rootfd = open(conf.rootdir, O_DIRECTORY|O_CLOEXEC); if (conf.rootfd == -1) errx(EXIT_FAILURE, "Unable to open '%s'", conf.rootdir); + conf.which = which; + /* + * We know which mode we're in and what we're about to do, so now + * let's dispatch the remaining command line args in a genric way. + */ + optarg = NULL; + + while ((ch = getopt(argc, argv, opts[which][mode])) != -1) { + switch (ch) { + case '?': + errx(EX_USAGE, "unknown switch"); + break; + case '7': + conf.v7 = true; + break; + case 'C': + conf.config = optarg; + config = conf.config; + break; + case 'F': + conf.force = true; + break; + case 'N': + conf.dryrun = true; + break; + case 'l': + if (strlen(optarg) >= MAXLOGNAME) + errx(EX_USAGE, "new name too long: %s", optarg); + conf.newname = optarg; + break; + case 'P': + conf.pretty = true; + break; + case 'Y': + nis = true; + break; + case 'a': + conf.all = true; + break; + case 'c': + conf.gecos = pw_checkname(optarg, 1); + break; + case 'g': + if (which == 0) { /* for user* */ + addarg(&arglist, 'g', optarg); + break; + } + if (strspn(optarg, "0123456789") != strlen(optarg)) + errx(EX_USAGE, "-g expects a number"); + id = strtonum(optarg, 0, LONG_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad id '%s': %s", optarg, + errstr); + break; + case 'u': + if (strspn(optarg, "0123456789,") != strlen(optarg)) + errx(EX_USAGE, "-u expects a number"); + if (strchr(optarg, ',') != NULL) { + addarg(&arglist, 'u', optarg); + break; + } + id = strtonum(optarg, 0, LONG_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad id '%s': %s", optarg, + errstr); + break; + case 'n': + if (strspn(optarg, "0123456789") != strlen(optarg)) { + name = optarg; + break; + } + id = strtonum(optarg, 0, LONG_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad id '%s': %s", optarg, + errstr); + break; + case 'H': + if (conf.fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + conf.precrypted = true; + if (strspn(optarg, "0123456789") != strlen(optarg)) + errx(EX_USAGE, "'-H' expects a file descriptor"); + + conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad file descriptor '%s': %s", + optarg, errstr); + break; + case 'h': + if (conf.fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); - return (cmdfunc[which][mode](argc, argv, arg1)); + if (strcmp(optarg, "-") == 0) + conf.fd = '-'; + else if (strspn(optarg, "0123456789") == strlen(optarg)) { + conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "'-h' expects a " + "file descriptor or '-'"); + } else + errx(EX_USAGE, "'-h' expects a file " + "descriptor or '-'"); + break; + case 'o': + conf.checkduplicate = false; + break; + case 'q': + conf.quiet = true; + break; + case 'r': + conf.deletehome = true; + break; + default: + addarg(&arglist, ch, optarg); + break; + } + optarg = NULL; + } + + if (name != NULL && strlen(name) >= MAXLOGNAME) + errx(EX_USAGE, "name too long: %s", name); + + /* + * Must be root to attempt an update + */ + if (geteuid() != 0 && mode != M_PRINT && mode != M_NEXT && !conf.dryrun) + errx(EX_NOPERM, "you must be root to run this program"); + + /* + * We should immediately look for the -q 'quiet' switch so that we + * don't bother with extraneous errors + */ + if (conf.quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + /* + * Set our base working path if not overridden + */ + + if (config == NULL) { /* Only override config location if -C not specified */ + asprintf(&config, "%s/pw.conf", conf.etcpath); + if (config == NULL) + errx(EX_OSERR, "out of memory"); + } + + /* + * Now, let's do the common initialisation + */ + conf.userconf = read_userconfig(config); + + ch = funcs[which] (mode, name, id, &arglist); + + /* + * If everything went ok, and we've been asked to update + * the NIS maps, then do it now + */ + if (ch == EXIT_SUCCESS && nis) { + pid_t pid; + + fflush(NULL); + if (chdir(_PATH_YP) == -1) + warn("chdir(" _PATH_YP ")"); + else if ((pid = fork()) == -1) + warn("fork()"); + else if (pid == 0) { + /* Is make anywhere else? */ + execlp("/usr/bin/make", "make", (char *)NULL); + _exit(1); + } else { + int i; + waitpid(pid, &i, 0); + if ((i = WEXITSTATUS(i)) != 0) + errx(ch, "make exited with status %d", i); + else + pw_log(conf.userconf, mode, which, "NIS maps updated"); + } + } + return ch; } static int getindex(const char *words[], const char *word) { - int i = 0; + int i = 0; while (words[i]) { if (strcmp(words[i], word) == 0) - return (i); + return i; i++; } - return (-1); + return -1; } @@ -257,7 +463,7 @@ cmdhelp(int mode, int which) " Setting defaults:\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" - "\t-D set user defaults\n" + "\t-D set user defaults\n" "\t-b dir default home root dir\n" "\t-e period default expiry period\n" "\t-p period default password change period\n" @@ -277,7 +483,6 @@ cmdhelp(int mode, int which) "\t-n name login name\n" "\t-u uid user id\n" "\t-Y update NIS maps\n" - "\t-y path set NIS passwd file path\n" "\t-r remove home & contents\n", "usage: pw usermod [uid|name] [switches]\n" "\t-V etcdir alternate /etc location\n" @@ -302,7 +507,6 @@ cmdhelp(int mode, int which) "\t-h fd read password on fd\n" "\t-H fd read encrypted password on fd\n" "\t-Y update NIS maps\n" - "\t-y path set NIS passwd file path\n" "\t-N no update\n", "usage: pw usershow [uid|name] [switches]\n" "\t-V etcdir alternate /etc location\n" @@ -379,3 +583,31 @@ cmdhelp(int mode, int which) } exit(EXIT_FAILURE); } + +struct carg * +getarg(struct cargs * _args, int ch) +{ + struct carg *c; + + if (_args == NULL) + return (NULL); + + c = LIST_FIRST(_args); + + while (c != NULL && c->ch != ch) + c = LIST_NEXT(c, list); + return c; +} + +struct carg * +addarg(struct cargs * _args, int ch, char *argstr) +{ + struct carg *ca = malloc(sizeof(struct carg)); + + if (ca == NULL) + errx(EX_OSERR, "out of memory"); + ca->ch = ch; + ca->val = argstr; + LIST_INSERT_HEAD(_args, ca, list); + return ca; +} @@ -26,13 +26,22 @@ * $FreeBSD$ */ -#include <sys/stat.h> - #define _WITH_GETLINE -#include <inttypes.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <stdarg.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/param.h> +#include <pwd.h> +#include <grp.h> +#include <sys/queue.h> +#include <sysexits.h> +#include "psdate.h" #include "pwupd.h" enum _mode @@ -54,44 +63,35 @@ enum _which W_NUM }; +struct carg +{ + int ch; + char *val; + LIST_ENTRY(carg) list; +}; + +LIST_HEAD(cargs, carg); + #define _DEF_DIRMODE (S_IRWXU | S_IRWXG | S_IRWXO) #define _PATH_PW_CONF "/etc/pw.conf" #define _UC_MAXLINE 1024 #define _UC_MAXSHELLS 32 -struct userconf *get_userconfig(const char *cfg); struct userconf *read_userconfig(char const * file); -int write_userconfig(struct userconf *cnf, char const * file); +int write_userconfig(char const * file); +struct carg *addarg(struct cargs * _args, int ch, char *argstr); +struct carg *getarg(struct cargs * _args, int ch); -int pw_group_add(int argc, char **argv, char *name); -int pw_group_del(int argc, char **argv, char *name); -int pw_group_mod(int argc, char **argv, char *name); -int pw_group_next(int argc, char **argv, char *name); -int pw_group_show(int argc, char **argv, char *name); -int pw_user_add(int argc, char **argv, char *name); -int pw_user_add(int argc, char **argv, char *name); -int pw_user_add(int argc, char **argv, char *name); -int pw_user_add(int argc, char **argv, char *name); -int pw_user_del(int argc, char **argv, char *name); -int pw_user_lock(int argc, char **argv, char *name); -int pw_user_mod(int argc, char **argv, char *name); -int pw_user_next(int argc, char **argv, char *name); -int pw_user_show(int argc, char **argv, char *name); -int pw_user_unlock(int argc, char **argv, char *name); +int pw_user(int mode, char *name, long id, struct cargs * _args); +int pw_usernext(struct userconf *cnf, bool quiet); +int pw_group(int mode, char *name, long id, struct cargs * _args); int pw_groupnext(struct userconf *cnf, bool quiet); char *pw_checkname(char *name, int gecos); -uintmax_t pw_checkid(char *nptr, uintmax_t maxval); -int pw_checkfd(char *nptr); int addnispwent(const char *path, struct passwd *pwd); int delnispwent(const char *path, const char *login); int chgnispwent(const char *path, const char *login, struct passwd *pwd); -int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd, - bool dryrun, bool pretty, bool precrypted); - -int nis_update(void); - int boolean_val(char const * str, int dflt); char const *boolean_str(int val); char *newstr(char const * p); @@ -101,6 +101,3 @@ char *pw_pwcrypt(char *password); extern const char *Modes[]; extern const char *Which[]; - -uintmax_t strtounum(const char * __restrict, uintmax_t, uintmax_t, - const char ** __restrict); diff --git a/pw/pw_conf.c b/pw/pw_conf.c index e9606b4..33bb6b3 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -31,11 +31,10 @@ static const char rcsid[] = #include <sys/types.h> #include <sys/sbuf.h> - -#include <err.h> -#include <fcntl.h> #include <string.h> -#include <unistd.h> +#include <ctype.h> +#include <fcntl.h> +#include <err.h> #include "pw.h" @@ -228,13 +227,15 @@ read_userconfig(char const * file) { FILE *fp; char *buf, *p; - const char *errstr; size_t linecap; ssize_t linelen; buf = NULL; linecap = 0; + config.groups = sl_init(); + if (config.groups == NULL) + err(1, "sl_init()"); if (file == NULL) file = _PATH_PW_CONF; @@ -313,69 +314,36 @@ read_userconfig(char const * file) ? NULL : newstr(q); break; case _UC_EXTRAGROUPS: - for (i = 0; q != NULL; q = strtok(NULL, toks)) { - if (config.groups == NULL) - config.groups = sl_init(); + for (i = 0; q != NULL; q = strtok(NULL, toks)) sl_add(config.groups, newstr(q)); - } break; case _UC_DEFAULTCLASS: config.default_class = (q == NULL || !boolean_val(q, 1)) ? NULL : newstr(q); break; case _UC_MINUID: - if ((q = unquote(q)) != NULL) { - config.min_uid = strtounum(q, 0, - UID_MAX, &errstr); - if (errstr) - warnx("Invalid min_uid: '%s';" - " ignoring", q); - } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.min_uid = (uid_t) atol(q); break; case _UC_MAXUID: - if ((q = unquote(q)) != NULL) { - config.max_uid = strtounum(q, 0, - UID_MAX, &errstr); - if (errstr) - warnx("Invalid max_uid: '%s';" - " ignoring", q); - } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.max_uid = (uid_t) atol(q); break; case _UC_MINGID: - if ((q = unquote(q)) != NULL) { - config.min_gid = strtounum(q, 0, - GID_MAX, &errstr); - if (errstr) - warnx("Invalid min_gid: '%s';" - " ignoring", q); - } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.min_gid = (gid_t) atol(q); break; case _UC_MAXGID: - if ((q = unquote(q)) != NULL) { - config.max_gid = strtounum(q, 0, - GID_MAX, &errstr); - if (errstr) - warnx("Invalid max_gid: '%s';" - " ignoring", q); - } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.max_gid = (gid_t) atol(q); break; case _UC_EXPIRE: - if ((q = unquote(q)) != NULL) { - config.expire_days = strtonum(q, 0, - INT_MAX, &errstr); - if (errstr) - warnx("Invalid expire days:" - " '%s'; ignoring", q); - } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.expire_days = atoi(q); break; case _UC_PASSWORD: - if ((q = unquote(q)) != NULL) { - config.password_days = strtonum(q, 0, - INT_MAX, &errstr); - if (errstr) - warnx("Invalid password days:" - " '%s'; ignoring", q); - } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.password_days = atoi(q); break; case _UC_FIELDS: case _UC_NONE: @@ -391,7 +359,7 @@ read_userconfig(char const * file) int -write_userconfig(struct userconf *cnf, const char *file) +write_userconfig(char const * file) { int fd; int i, j; @@ -416,39 +384,40 @@ write_userconfig(struct userconf *cnf, const char *file) sbuf_clear(buf); switch (i) { case _UC_DEFAULTPWD: - sbuf_cat(buf, boolean_str(cnf->default_password)); + sbuf_cat(buf, boolean_str(config.default_password)); break; case _UC_REUSEUID: - sbuf_cat(buf, boolean_str(cnf->reuse_uids)); + sbuf_cat(buf, boolean_str(config.reuse_uids)); break; case _UC_REUSEGID: - sbuf_cat(buf, boolean_str(cnf->reuse_gids)); + sbuf_cat(buf, boolean_str(config.reuse_gids)); break; case _UC_NISPASSWD: - sbuf_cat(buf, cnf->nispasswd ? cnf->nispasswd : ""); + sbuf_cat(buf, config.nispasswd ? config.nispasswd : + ""); quote = 0; break; case _UC_DOTDIR: - sbuf_cat(buf, cnf->dotdir ? cnf->dotdir : + sbuf_cat(buf, config.dotdir ? config.dotdir : boolean_str(0)); break; case _UC_NEWMAIL: - sbuf_cat(buf, cnf->newmail ? cnf->newmail : + sbuf_cat(buf, config.newmail ? config.newmail : boolean_str(0)); break; case _UC_LOGFILE: - sbuf_cat(buf, cnf->logfile ? cnf->logfile : + sbuf_cat(buf, config.logfile ? config.logfile : boolean_str(0)); break; case _UC_HOMEROOT: - sbuf_cat(buf, cnf->home); + sbuf_cat(buf, config.home); break; case _UC_HOMEMODE: - sbuf_printf(buf, "%04o", cnf->homemode); + sbuf_printf(buf, "%04o", config.homemode); quote = 0; break; case _UC_SHELLPATH: - sbuf_cat(buf, cnf->shelldir); + sbuf_cat(buf, config.shelldir); break; case _UC_SHELLS: for (j = 0; j < _UC_MAXSHELLS && @@ -458,46 +427,46 @@ write_userconfig(struct userconf *cnf, const char *file) quote = 0; break; case _UC_DEFAULTSHELL: - sbuf_cat(buf, cnf->shell_default ? - cnf->shell_default : bourne_shell); + sbuf_cat(buf, config.shell_default ? + config.shell_default : bourne_shell); break; case _UC_DEFAULTGROUP: - sbuf_cat(buf, cnf->default_group ? - cnf->default_group : ""); + sbuf_cat(buf, config.default_group ? + config.default_group : ""); break; case _UC_EXTRAGROUPS: - for (j = 0; cnf->groups != NULL && - j < (int)cnf->groups->sl_cur; j++) + for (j = 0; config.groups != NULL && + j < (int)config.groups->sl_cur; j++) sbuf_printf(buf, "%s\"%s\"", j ? - "," : "", cnf->groups->sl_str[j]); + "," : "", config.groups->sl_str[j]); quote = 0; break; case _UC_DEFAULTCLASS: - sbuf_cat(buf, cnf->default_class ? - cnf->default_class : ""); + sbuf_cat(buf, config.default_class ? + config.default_class : ""); break; case _UC_MINUID: - sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_uid); + sbuf_printf(buf, "%u", config.min_uid); quote = 0; break; case _UC_MAXUID: - sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_uid); + sbuf_printf(buf, "%u", config.max_uid); quote = 0; break; case _UC_MINGID: - sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_gid); + sbuf_printf(buf, "%u", config.min_gid); quote = 0; break; case _UC_MAXGID: - sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_gid); + sbuf_printf(buf, "%u", config.max_gid); quote = 0; break; case _UC_EXPIRE: - sbuf_printf(buf, "%jd", (intmax_t)cnf->expire_days); + sbuf_printf(buf, "%d", config.expire_days); quote = 0; break; case _UC_PASSWORD: - sbuf_printf(buf, "%jd", (intmax_t)cnf->password_days); + sbuf_printf(buf, "%d", config.password_days); quote = 0; break; case _UC_NONE: diff --git a/pw/pw_group.c b/pw/pw_group.c index 711ef68..b0db3cf 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -31,50 +31,46 @@ static const char rcsid[] = #include <ctype.h> #include <err.h> -#include <grp.h> -#include <libutil.h> -#include <paths.h> -#include <string.h> -#include <sysexits.h> #include <termios.h> +#include <stdbool.h> #include <unistd.h> +#include <grp.h> +#include <libutil.h> #include "pw.h" #include "bitmap.h" + static struct passwd *lookup_pwent(const char *user); static void delete_members(struct group *grp, char *list); -static int print_group(struct group * grp, bool pretty); -static gid_t gr_gidpolicy(struct userconf * cnf, intmax_t id); +static int print_group(struct group * grp); +static gid_t gr_gidpolicy(struct userconf * cnf, long id); static void -grp_set_passwd(struct group *grp, bool update, int fd, bool precrypted) +set_passwd(struct group *grp, bool update) { int b; int istty; struct termios t, n; char *p, line[256]; - if (fd == -1) - return; - - if (fd == '-') { + if (conf.fd == '-') { grp->gr_passwd = "*"; /* No access */ return; } - if ((istty = isatty(fd))) { + if ((istty = isatty(conf.fd))) { n = t; /* Disable echo */ n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); + tcsetattr(conf.fd, TCSANOW, &n); printf("%sassword for group %s:", update ? "New p" : "P", grp->gr_name); fflush(stdout); } - b = read(fd, line, sizeof(line) - 1); + b = read(conf.fd, line, sizeof(line) - 1); if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); + tcsetattr(conf.fd, TCSANOW, &t); fputc('\n', stdout); fflush(stdout); } @@ -86,7 +82,7 @@ grp_set_passwd(struct group *grp, bool update, int fd, bool precrypted) if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", conf.fd); - if (precrypted) { + if (conf.precrypted) { if (strchr(line, ':') != 0) errx(EX_DATAERR, "wrong encrypted passwrd"); grp->gr_passwd = line; @@ -101,29 +97,198 @@ pw_groupnext(struct userconf *cnf, bool quiet) if (quiet) return (next); - printf("%ju\n", (uintmax_t)next); + printf("%u\n", next); return (EXIT_SUCCESS); } -static struct group * -getgroup(char *name, intmax_t id, bool fatal) +static int +pw_groupshow(const char *name, long id, struct group *fakegroup) { - struct group *grp; + struct group *grp = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "groupname or id or '-a' required"); + + if (conf.all) { + SETGRENT(); + while ((grp = GETGRENT()) != NULL) + print_group(grp); + ENDGRENT(); + + return (EXIT_SUCCESS); + } + + grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); + if (grp == NULL) { + if (conf.force) { + grp = fakegroup; + } else { + if (name == NULL) + errx(EX_DATAERR, "unknown gid `%ld'", id); + errx(EX_DATAERR, "unknown group `%s'", name); + } + } + + return (print_group(grp)); +} + +static int +pw_groupdel(const char *name, long id) +{ + struct group *grp = NULL; + int rc; - if (id < 0 && name == NULL) - errx(EX_DATAERR, "groupname or id required"); grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); if (grp == NULL) { - if (!fatal) - return (NULL); if (name == NULL) - errx(EX_DATAERR, "unknown gid `%ju'", id); + errx(EX_DATAERR, "unknown gid `%ld'", id); errx(EX_DATAERR, "unknown group `%s'", name); } - return (grp); + + rc = delgrent(grp); + if (rc == -1) + err(EX_IOERR, "group '%s' not available (NIS?)", name); + else if (rc != 0) + err(EX_IOERR, "group update"); + pw_log(conf.userconf, M_DELETE, W_GROUP, "%s(%ld) removed", name, id); + + return (EXIT_SUCCESS); +} + +int +pw_group(int mode, char *name, long id, struct cargs * args) +{ + int rc; + struct carg *arg; + struct group *grp = NULL; + struct userconf *cnf = conf.userconf; + + static struct group fakegroup = + { + "nogroup", + "*", + -1, + NULL + }; + + if (mode == M_NEXT) + return (pw_groupnext(cnf, conf.quiet)); + + if (mode == M_PRINT) + return (pw_groupshow(name, id, &fakegroup)); + + if (mode == M_DELETE) + return (pw_groupdel(name, id)); + + if (mode == M_LOCK || mode == M_UNLOCK) + errx(EX_USAGE, "'lock' command is not available for groups"); + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "group name or id required"); + + grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); + + if (mode == M_UPDATE) { + if (name == NULL && grp == NULL) /* Try harder */ + grp = GETGRGID(id); + + if (grp == NULL) { + if (name == NULL) + errx(EX_DATAERR, "unknown group `%s'", name); + else + errx(EX_DATAERR, "unknown group `%ld'", id); + } + if (name == NULL) /* Needed later */ + name = grp->gr_name; + + if (id > 0) + grp->gr_gid = (gid_t) id; + + if (conf.newname != NULL) + grp->gr_name = pw_checkname(conf.newname, 0); + } else { + if (name == NULL) /* Required */ + errx(EX_DATAERR, "group name required"); + else if (grp != NULL) /* Exists */ + errx(EX_DATAERR, "group name `%s' already exists", name); + + grp = &fakegroup; + grp->gr_name = pw_checkname(name, 0); + grp->gr_passwd = "*"; + grp->gr_gid = gr_gidpolicy(cnf, id); + grp->gr_mem = NULL; + } + + /* + * This allows us to set a group password Group passwords is an + * antique idea, rarely used and insecure (no secure database) Should + * be discouraged, but it is apparently still supported by some + * software. + */ + + if (conf.which == W_GROUP && conf.fd != -1) + set_passwd(grp, mode == M_UPDATE); + + if (((arg = getarg(args, 'M')) != NULL || + (arg = getarg(args, 'd')) != NULL || + (arg = getarg(args, 'm')) != NULL) && arg->val) { + char *p; + struct passwd *pwd; + + /* Make sure this is not stay NULL with -M "" */ + if (arg->ch == 'd') + delete_members(grp, arg->val); + else if (arg->ch == 'M') + grp->gr_mem = NULL; + + for (p = strtok(arg->val, ", \t"); arg->ch != 'd' && p != NULL; + p = strtok(NULL, ", \t")) { + int j; + + /* + * Check for duplicates + */ + pwd = lookup_pwent(p); + for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++) { + if (strcmp(grp->gr_mem[j], pwd->pw_name) == 0) + break; + } + if (grp->gr_mem != NULL && grp->gr_mem[j] != NULL) + continue; + grp = gr_add(grp, pwd->pw_name); + } + } + + if (conf.dryrun) + return print_group(grp); + + if (mode == M_ADD && (rc = addgrent(grp)) != 0) { + if (rc == -1) + errx(EX_IOERR, "group '%s' already exists", + grp->gr_name); + else + err(EX_IOERR, "group update"); + } else if (mode == M_UPDATE && (rc = chggrent(name, grp)) != 0) { + if (rc == -1) + errx(EX_IOERR, "group '%s' not available (NIS?)", + grp->gr_name); + else + err(EX_IOERR, "group update"); + } + + if (conf.newname != NULL) + name = conf.newname; + /* grp may have been invalidated */ + if ((grp = GETGRNAM(name)) == NULL) + errx(EX_SOFTWARE, "group disappeared during update"); + + pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid); + + return EXIT_SUCCESS; } + /* * Lookup a passwd entry using a name or UID. */ @@ -166,11 +331,11 @@ delete_members(struct group *grp, char *list) } } -static gid_t -gr_gidpolicy(struct userconf * cnf, intmax_t id) + +static gid_t +gr_gidpolicy(struct userconf * cnf, long id) { struct group *grp; - struct bitmap bm; gid_t gid = (gid_t) - 1; /* @@ -180,62 +345,67 @@ gr_gidpolicy(struct userconf * cnf, intmax_t id) gid = (gid_t) id; if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "gid `%ju' has already been allocated", - (uintmax_t)grp->gr_gid); - return (gid); - } - - /* - * We need to allocate the next available gid under one of - * two policies a) Grab the first unused gid b) Grab the - * highest possible unused gid - */ - if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */ - cnf->min_gid = 1000; - cnf->max_gid = 32000; - } - bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1); + errx(EX_DATAERR, "gid `%u' has already been allocated", grp->gr_gid); + } else { + struct bitmap bm; + + /* + * We need to allocate the next available gid under one of + * two policies a) Grab the first unused gid b) Grab the + * highest possible unused gid + */ + if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */ + cnf->min_gid = 1000; + cnf->max_gid = 32000; + } + bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1); - /* - * Now, let's fill the bitmap from the password file - */ - SETGRENT(); - while ((grp = GETGRENT()) != NULL) - if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid && - (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid) - bm_setbit(&bm, grp->gr_gid - cnf->min_gid); - ENDGRENT(); + /* + * Now, let's fill the bitmap from the password file + */ + SETGRENT(); + while ((grp = GETGRENT()) != NULL) + if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid && + (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid) + bm_setbit(&bm, grp->gr_gid - cnf->min_gid); + ENDGRENT(); - /* - * Then apply the policy, with fallback to reuse if necessary - */ - if (cnf->reuse_gids) - gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); - else { - gid = (gid_t) (bm_lastset(&bm) + 1); - if (!bm_isset(&bm, gid)) - gid += cnf->min_gid; - else + /* + * Then apply the policy, with fallback to reuse if necessary + */ + if (cnf->reuse_gids) gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); - } + else { + gid = (gid_t) (bm_lastset(&bm) + 1); + if (!bm_isset(&bm, gid)) + gid += cnf->min_gid; + else + gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); + } - /* - * Another sanity check - */ - if (gid < cnf->min_gid || gid > cnf->max_gid) - errx(EX_SOFTWARE, "unable to allocate a new gid - range fully " - "used"); - bm_dealloc(&bm); - return (gid); + /* + * Another sanity check + */ + if (gid < cnf->min_gid || gid > cnf->max_gid) + errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used"); + bm_dealloc(&bm); + } + return gid; } + static int -print_group(struct group * grp, bool pretty) +print_group(struct group * grp) { - char *buf = NULL; - int i; + if (!conf.pretty) { + char *buf = NULL; + + buf = gr_make(grp); + printf("%s\n", buf); + free(buf); + } else { + int i; - if (pretty) { printf("Group Name: %-15s #%lu\n" " Members: ", grp->gr_name, (long) grp->gr_gid); @@ -244,446 +414,6 @@ print_group(struct group * grp, bool pretty) printf("%s%s", i ? "," : "", grp->gr_mem[i]); } fputs("\n\n", stdout); - return (EXIT_SUCCESS); - } - - buf = gr_make(grp); - printf("%s\n", buf); - free(buf); - return (EXIT_SUCCESS); -} - -int -pw_group_next(int argc, char **argv, char *arg1 __unused) -{ - struct userconf *cnf; - const char *cfg = NULL; - int ch; - bool quiet; - - while ((ch = getopt(argc, argv, "Cq")) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - } } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - cnf = get_userconfig(cfg); - return (pw_groupnext(cnf, quiet)); -} - -int -pw_group_show(int argc, char **argv, char *arg1) -{ - struct group *grp = NULL; - char *name; - intmax_t id = -1; - int ch; - bool all, force, quiet, pretty; - - all = force = quiet = pretty = false; - - struct group fakegroup = { - "nogroup", - "*", - -1, - NULL - }; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, GID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, "C:qn:g:FPa")) != -1) { - switch (ch) { - case 'C': - /* ignore compatibility */ - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'g': - id = pw_checkid(optarg, GID_MAX); - break; - case 'F': - force = true; - break; - case 'P': - pretty = true; - break; - case 'a': - all = true; - break; - } - } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - if (all) { - SETGRENT(); - while ((grp = GETGRENT()) != NULL) - print_group(grp, pretty); - ENDGRENT(); - return (EXIT_SUCCESS); - } - - grp = getgroup(name, id, !force); - if (grp == NULL) - grp = &fakegroup; - - return (print_group(grp, pretty)); -} - -int -pw_group_del(int argc, char **argv, char *arg1) -{ - struct userconf *cnf = NULL; - struct group *grp = NULL; - char *name; - const char *cfg = NULL; - intmax_t id = -1; - int ch, rc; - bool quiet = false; - bool nis = false; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, GID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, "C:qn:g:Y")) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'g': - id = pw_checkid(optarg, GID_MAX); - break; - case 'Y': - nis = true; - break; - } - } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - grp = getgroup(name, id, true); - cnf = get_userconfig(cfg); - rc = delgrent(grp); - if (rc == -1) - err(EX_IOERR, "group '%s' not available (NIS?)", name); - else if (rc != 0) - err(EX_IOERR, "group update"); - pw_log(cnf, M_DELETE, W_GROUP, "%s(%ju) removed", name, - (uintmax_t)id); - - if (nis && nis_update() == 0) - pw_log(cnf, M_DELETE, W_GROUP, "NIS maps updated"); - - return (EXIT_SUCCESS); -} - -static bool -grp_has_member(struct group *grp, const char *name) -{ - int j; - - for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++) - if (strcmp(grp->gr_mem[j], name) == 0) - return (true); - return (false); -} - -static void -grp_add_members(struct group **grp, char *members) -{ - struct passwd *pwd; - char *p; - char tok[] = ", \t"; - - if (members == NULL) - return; - for (p = strtok(members, tok); p != NULL; p = strtok(NULL, tok)) { - pwd = lookup_pwent(p); - if (grp_has_member(*grp, pwd->pw_name)) - continue; - *grp = gr_add(*grp, pwd->pw_name); - } -} - -int -groupadd(struct userconf *cnf, char *name, gid_t id, char *members, int fd, - bool dryrun, bool pretty, bool precrypted) -{ - struct group *grp; - int rc; - - struct group fakegroup = { - "nogroup", - "*", - -1, - NULL - }; - - grp = &fakegroup; - grp->gr_name = pw_checkname(name, 0); - grp->gr_passwd = "*"; - grp->gr_gid = gr_gidpolicy(cnf, id); - grp->gr_mem = NULL; - - /* - * This allows us to set a group password Group passwords is an - * antique idea, rarely used and insecure (no secure database) Should - * be discouraged, but it is apparently still supported by some - * software. - */ - grp_set_passwd(grp, false, fd, precrypted); - grp_add_members(&grp, members); - if (dryrun) - return (print_group(grp, pretty)); - - if ((rc = addgrent(grp)) != 0) { - if (rc == -1) - errx(EX_IOERR, "group '%s' already exists", - grp->gr_name); - else - err(EX_IOERR, "group update"); - } - - pw_log(cnf, M_ADD, W_GROUP, "%s(%ju)", grp->gr_name, - (uintmax_t)grp->gr_gid); - - return (EXIT_SUCCESS); -} - -int -pw_group_add(int argc, char **argv, char *arg1) -{ - struct userconf *cnf = NULL; - char *name = NULL; - char *members = NULL; - const char *cfg = NULL; - intmax_t id = -1; - int ch, rc, fd = -1; - bool quiet, precrypted, dryrun, pretty, nis; - - quiet = precrypted = dryrun = pretty = nis = false; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, GID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, "C:qn:g:h:H:M:oNPY")) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'g': - id = pw_checkid(optarg, GID_MAX); - break; - case 'H': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - precrypted = true; - if (fd == '-') - errx(EX_USAGE, "-H expects a file descriptor"); - break; - case 'h': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - break; - case 'M': - members = optarg; - break; - case 'o': - conf.checkduplicate = false; - break; - case 'N': - dryrun = true; - break; - case 'P': - pretty = true; - break; - case 'Y': - nis = true; - break; - } - } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - if (name == NULL) - errx(EX_DATAERR, "group name required"); - if (GETGRNAM(name) != NULL) - errx(EX_DATAERR, "group name `%s' already exists", name); - cnf = get_userconfig(cfg); - rc = groupadd(cnf, name, gr_gidpolicy(cnf, id), members, fd, dryrun, - pretty, precrypted); - if (nis && rc == EXIT_SUCCESS && nis_update() == 0) - pw_log(cnf, M_ADD, W_GROUP, "NIS maps updated"); - - return (rc); -} - -int -pw_group_mod(int argc, char **argv, char *arg1) -{ - struct userconf *cnf; - struct group *grp = NULL; - const char *cfg = NULL; - char *oldmembers = NULL; - char *members = NULL; - char *newmembers = NULL; - char *newname = NULL; - char *name = NULL; - intmax_t id = -1; - int ch, rc, fd = -1; - bool quiet, pretty, dryrun, nis, precrypted; - - quiet = pretty = dryrun = nis = precrypted = false; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, GID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, "C:qn:d:g:l:h:H:M:m:NPY")) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'g': - id = pw_checkid(optarg, GID_MAX); - break; - case 'd': - oldmembers = optarg; - break; - case 'l': - newname = optarg; - break; - case 'H': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - precrypted = true; - if (fd == '-') - errx(EX_USAGE, "-H expects a file descriptor"); - break; - case 'h': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - break; - case 'M': - members = optarg; - break; - case 'm': - newmembers = optarg; - break; - case 'N': - dryrun = true; - break; - case 'P': - pretty = true; - break; - case 'Y': - nis = true; - break; - } - } - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - cnf = get_userconfig(cfg); - grp = getgroup(name, id, true); - if (name == NULL) - name = grp->gr_name; - if (id > 0) - grp->gr_gid = id; - - if (newname != NULL) - grp->gr_name = pw_checkname(newname, 0); - - grp_set_passwd(grp, true, fd, precrypted); - /* - * Keep the same logic as old code for now: - * if -M is passed, -d and -m are ignored - * then id -d, -m is ignored - * last is -m - */ - - if (members) { - grp->gr_mem = NULL; - grp_add_members(&grp, members); - } else if (oldmembers) { - delete_members(grp, oldmembers); - } else if (newmembers) { - grp_add_members(&grp, newmembers); - } - - if ((rc = chggrent(name, grp)) != 0) { - if (rc == -1) - errx(EX_IOERR, "group '%s' not available (NIS?)", - grp->gr_name); - else - err(EX_IOERR, "group update"); - } - - if (newname) - name = newname; - - /* grp may have been invalidated */ - if ((grp = GETGRNAM(name)) == NULL) - errx(EX_SOFTWARE, "group disappeared during update"); - - pw_log(cnf, M_UPDATE, W_GROUP, "%s(%ju)", grp->gr_name, - (uintmax_t)grp->gr_gid); - - if (nis && nis_update() == 0) - pw_log(cnf, M_UPDATE, W_GROUP, "NIS maps updated"); - - return (EXIT_SUCCESS); + return EXIT_SUCCESS; } diff --git a/pw/pw_log.c b/pw/pw_log.c index 29038d9..b774423 100644 --- a/pw/pw_log.c +++ b/pw/pw_log.c @@ -30,8 +30,6 @@ static const char rcsid[] = #endif /* not lint */ #include <fcntl.h> -#include <string.h> -#include <stdarg.h> #include "pw.h" diff --git a/pw/pw_nis.c b/pw/pw_nis.c index 6cc361b..c786cc7 100644 --- a/pw/pw_nis.c +++ b/pw/pw_nis.c @@ -30,7 +30,6 @@ static const char rcsid[] = #endif /* not lint */ #include <sys/types.h> - #include <err.h> #include <pwd.h> #include <libutil.h> @@ -44,7 +43,6 @@ pw_nisupdate(const char * path, struct passwd * pwd, char const * user) struct passwd *pw = NULL; struct passwd *old_pw = NULL; - printf("===> %s\n", path); if (pwd != NULL) pw = pw_dup(pwd); diff --git a/pw/pw_user.c b/pw/pw_user.c index f133147..d6dad3f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -30,131 +30,48 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include <sys/param.h> -#include <sys/resource.h> -#include <sys/time.h> -#include <sys/types.h> - #include <ctype.h> -#include <dirent.h> #include <err.h> -#include <errno.h> #include <fcntl.h> -#include <grp.h> -#include <pwd.h> -#include <libutil.h> -#include <login_cap.h> +#include <sys/param.h> +#include <dirent.h> #include <paths.h> -#include <string.h> -#include <sysexits.h> #include <termios.h> -#include <unistd.h> - +#include <sys/types.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <login_cap.h> +#include <pwd.h> +#include <grp.h> +#include <libutil.h> #include "pw.h" #include "bitmap.h" -#include "psdate.h" #define LOGNAMESIZE (MAXLOGNAME-1) static char locked_str[] = "*LOCKED*"; -static struct passwd fakeuser = { - "nouser", - "*", - -1, - -1, - 0, - "", - "User &", - "/nonexistent", - "/bin/sh", - 0, - 0 -}; - -static int print_user(struct passwd *pwd, bool pretty, bool v7); -static uid_t pw_uidpolicy(struct userconf *cnf, intmax_t id); -static uid_t pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, - gid_t prefer, bool dryrun); -static char *pw_homepolicy(struct userconf * cnf, char *homedir, - const char *user); -static char *pw_shellpolicy(struct userconf * cnf); -static char *pw_password(struct userconf * cnf, char const * user, - bool dryrun); -static char *shell_path(char const * path, char *shells[], char *sh); -static void rmat(uid_t uid); -static void rmopie(char const * name); +static int pw_userdel(char *name, long id); +static int print_user(struct passwd * pwd); +static uid_t pw_uidpolicy(struct userconf * cnf, long id); +static uid_t pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer); +static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); +static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args); +static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user); +static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell); +static char *pw_password(struct userconf * cnf, char const * user); +static char *shell_path(char const * path, char *shells[], char *sh); +static void rmat(uid_t uid); +static void rmopie(char const * name); static void -mkdir_home_parents(int dfd, const char *dir) -{ - struct stat st; - char *dirs, *tmp; - - if (*dir != '/') - errx(EX_DATAERR, "invalid base directory for home '%s'", dir); - - dir++; - - if (fstatat(dfd, dir, &st, 0) != -1) { - if (S_ISDIR(st.st_mode)) - return; - errx(EX_OSFILE, "root home `/%s' is not a directory", dir); - } - - dirs = strdup(dir); - if (dirs == NULL) - errx(EX_UNAVAILABLE, "out of memory"); - - tmp = strrchr(dirs, '/'); - if (tmp == NULL) - return; - tmp[0] = '\0'; - - /* - * This is a kludge especially for Joerg :) - * If the home directory would be created in the root partition, then - * we really create it under /usr which is likely to have more space. - * But we create a symlink from cnf->home -> "/usr" -> cnf->home - */ - if (strchr(dirs, '/') == NULL) { - asprintf(&tmp, "usr/%s", dirs); - if (tmp == NULL) - errx(EX_UNAVAILABLE, "out of memory"); - if (mkdirat(dfd, tmp, _DEF_DIRMODE) != -1 || errno == EEXIST) { - fchownat(dfd, tmp, 0, 0, 0); - symlinkat(tmp, dfd, dirs); - } - free(tmp); - } - tmp = dirs; - if (fstatat(dfd, dirs, &st, 0) == -1) { - while ((tmp = strchr(tmp + 1, '/')) != NULL) { - *tmp = '\0'; - if (fstatat(dfd, dirs, &st, 0) == -1) { - if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs); - } - *tmp = '/'; - } - } - if (fstatat(dfd, dirs, &st, 0) == -1) { - if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs); - fchownat(dfd, dirs, 0, 0, 0); - } - - free(dirs); -} - -static void -create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd, - const char *skeldir, mode_t homemode, bool update) +create_and_populate_homedir(struct passwd *pwd) { + struct userconf *cnf = conf.userconf; + const char *skeldir; int skelfd = -1; - /* Create home parents directories */ - mkdir_home_parents(conf.rootfd, pwd->pw_dir); + skeldir = cnf->dotdir; if (skeldir != NULL && *skeldir != '\0') { if (*skeldir == '/') @@ -162,14 +79,14 @@ create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd, skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC); } - copymkdir(conf.rootfd, pwd->pw_dir, skelfd, homemode, pwd->pw_uid, + copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, pwd->pw_gid, 0); - pw_log(cnf, update ? M_UPDATE : M_ADD, W_USER, "%s(%ju) home %s made", - pwd->pw_name, (uintmax_t)pwd->pw_uid, pwd->pw_dir); + pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, + pwd->pw_uid, pwd->pw_dir); } static int -pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) +set_passwd(struct passwd *pwd, bool update) { int b, istty; struct termios t, n; @@ -177,7 +94,7 @@ pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) char line[_PASSWORD_LEN+1]; char *p; - if (fd == '-') { + if (conf.fd == '-') { if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { pwd->pw_passwd = "*"; /* No access */ return (1); @@ -185,40 +102,40 @@ pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) return (0); } - if ((istty = isatty(fd))) { - if (tcgetattr(fd, &t) == -1) + if ((istty = isatty(conf.fd))) { + if (tcgetattr(conf.fd, &t) == -1) istty = 0; else { n = t; n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); + tcsetattr(conf.fd, TCSANOW, &n); printf("%s%spassword for user %s:", update ? "new " : "", - precrypted ? "encrypted " : "", + conf.precrypted ? "encrypted " : "", pwd->pw_name); fflush(stdout); } } - b = read(fd, line, sizeof(line) - 1); + b = read(conf.fd, line, sizeof(line) - 1); if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); + tcsetattr(conf.fd, TCSANOW, &t); fputc('\n', stdout); fflush(stdout); } if (b < 0) err(EX_IOERR, "-%c file descriptor", - precrypted ? 'H' : 'h'); + conf.precrypted ? 'H' : 'h'); line[b] = '\0'; if ((p = strpbrk(line, "\r\n")) != NULL) *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", - fd); - if (precrypted) { + conf.fd); + if (conf.precrypted) { if (strchr(line, ':') != NULL) errx(EX_DATAERR, "bad encrypted password"); - pwd->pw_passwd = strdup(line); + pwd->pw_passwd = line; } else { lc = login_getpwclass(pwd); if (lc == NULL || @@ -230,15 +147,54 @@ pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) return (1); } +int +pw_usernext(struct userconf *cnf, bool quiet) +{ + uid_t next = pw_uidpolicy(cnf, -1); + + if (quiet) + return (next); + + printf("%u:", next); + pw_groupnext(cnf, quiet); + + return (EXIT_SUCCESS); +} + +static int +pw_usershow(char *name, long id, struct passwd *fakeuser) +{ + struct passwd *pwd = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "username or id or '-a' required"); + + if (conf.all) { + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + print_user(pwd); + ENDPWENT(); + return (EXIT_SUCCESS); + } + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (conf.force) { + pwd = fakeuser; + } else { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + } + + return (print_user(pwd)); +} + static void -perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) +perform_chgpwent(const char *name, struct passwd *pwd) { int rc; - struct passwd *nispwd; - - /* duplicate for nis so that chgpwent is not modifying before NIS */ - if (nispasswd && *nispasswd == '/') - nispwd = pw_dup(pwd); rc = chgpwent(name, pwd); if (rc == -1) @@ -246,11 +202,11 @@ perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) else if (rc != 0) err(EX_IOERR, "passwd file update"); - if (nispasswd && *nispasswd == '/') { - rc = chgnispwent(nispasswd, name, nispwd); + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') { + rc = chgnispwent(conf.userconf->nispasswd, name, pwd); if (rc == -1) warn("User '%s' not found in NIS passwd", pwd->pw_name); - else if (rc != 0) + else warn("NIS passwd update"); /* NOTE: NIS-only update errors are not fatal */ } @@ -266,29 +222,19 @@ perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) * that is a known limitation. */ static int -pw_userlock(char *arg1, int mode) +pw_userlock(char *name, long id, int mode) { struct passwd *pwd = NULL; char *passtmp = NULL; - char *name; bool locked = false; - uid_t id; - if (geteuid() != 0) - errx(EX_NOPERM, "you must be root"); - - if (arg1 == NULL) + if (id < 0 && name == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, UID_MAX); - else - name = arg1; - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); if (pwd == NULL) { if (name == NULL) - errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); + errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); } @@ -311,87 +257,629 @@ pw_userlock(char *arg1, int mode) pwd->pw_passwd += sizeof(locked_str)-1; } - perform_chgpwent(name, pwd, NULL); + perform_chgpwent(name, pwd); free(passtmp); return (EXIT_SUCCESS); } -static uid_t -pw_uidpolicy(struct userconf * cnf, intmax_t id) +/*- + * -C config configuration file + * -q quiet operation + * -n name login name + * -u uid user id + * -c comment user name/comment + * -d directory home directory + * -e date account expiry date + * -p date password expiry date + * -g grp primary group + * -G grp1,grp2 additional groups + * -m [ -k dir ] create and set up home + * -s shell name of login shell + * -o duplicate uid ok + * -L class user class + * -l name new login name + * -h fd password filehandle + * -H fd encrypted password filehandle + * -F force print or add + * Setting defaults: + * -D set user defaults + * -b dir default home root dir + * -e period default expiry period + * -p period default password change period + * -g group default group + * -G grp1,grp2.. default additional groups + * -L class default login class + * -k dir default home skeleton + * -s shell default shell + * -w method default password method + */ + +int +pw_user(int mode, char *name, long id, struct cargs * args) { - struct passwd *pwd; - struct bitmap bm; - uid_t uid = (uid_t) - 1; + int rc, edited = 0; + char *p = NULL; + struct carg *arg; + struct passwd *pwd = NULL; + struct group *grp; + struct stat st; + struct userconf *cnf; + char line[_PASSWORD_LEN+1]; + char path[MAXPATHLEN]; + FILE *fp; + char *dmode_c; + void *set = NULL; + + static struct passwd fakeuser = + { + "nouser", + "*", + -1, + -1, + 0, + "", + "User &", + "/nonexistent", + "/bin/sh", + 0 +#if defined(__FreeBSD__) + ,0 +#endif + }; + + cnf = conf.userconf; + + if (mode == M_NEXT) + return (pw_usernext(cnf, conf.quiet)); + + if (mode == M_PRINT) + return (pw_usershow(name, id, &fakeuser)); + + if (mode == M_DELETE) + return (pw_userdel(name, id)); + + if (mode == M_LOCK || mode == M_UNLOCK) + return (pw_userlock(name, id, mode)); /* - * Check the given uid, if any + * We can do all of the common legwork here */ - if (id >= 0) { - uid = (uid_t) id; - if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "uid `%ju' has already been allocated", - (uintmax_t)pwd->pw_uid); - return (uid); + if ((arg = getarg(args, 'b')) != NULL) { + cnf->home = arg->val; + } + + if ((arg = getarg(args, 'M')) != NULL) { + dmode_c = arg->val; + if ((set = setmode(dmode_c)) == NULL) + errx(EX_DATAERR, "invalid directory creation mode '%s'", + dmode_c); + cnf->homemode = getmode(set, _DEF_DIRMODE); + free(set); + } + + /* + * If we'll need to use it or we're updating it, + * then create the base home directory if necessary + */ + if (arg != NULL || getarg(args, 'm') != NULL) { + int l = strlen(cnf->home); + + if (l > 1 && cnf->home[l-1] == '/') /* Shave off any trailing path delimiter */ + cnf->home[--l] = '\0'; + + if (l < 2 || *cnf->home != '/') /* Check for absolute path name */ + errx(EX_DATAERR, "invalid base directory for home '%s'", cnf->home); + + if (stat(cnf->home, &st) == -1) { + char dbuf[MAXPATHLEN]; + + /* + * This is a kludge especially for Joerg :) + * If the home directory would be created in the root partition, then + * we really create it under /usr which is likely to have more space. + * But we create a symlink from cnf->home -> "/usr" -> cnf->home + */ + if (strchr(cnf->home+1, '/') == NULL) { + snprintf(dbuf, MAXPATHLEN, "/usr%s", cnf->home); + if (mkdir(dbuf, _DEF_DIRMODE) != -1 || errno == EEXIST) { + chown(dbuf, 0, 0); + /* + * Skip first "/" and create symlink: + * /home -> usr/home + */ + symlink(dbuf+1, cnf->home); + } + /* If this falls, fall back to old method */ + } + strlcpy(dbuf, cnf->home, sizeof(dbuf)); + p = dbuf; + if (stat(dbuf, &st) == -1) { + while ((p = strchr(p + 1, '/')) != NULL) { + *p = '\0'; + if (stat(dbuf, &st) == -1) { + if (mkdir(dbuf, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "mkdir '%s'", dbuf); + chown(dbuf, 0, 0); + } else if (!S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf); + *p = '/'; + } + } + if (stat(dbuf, &st) == -1) { + if (mkdir(dbuf, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "mkdir '%s'", dbuf); + chown(dbuf, 0, 0); + } + } else if (!S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); + } + + if ((arg = getarg(args, 'e')) != NULL) + cnf->expire_days = atoi(arg->val); + + if ((arg = getarg(args, 'y')) != NULL) + cnf->nispasswd = arg->val; + + if ((arg = getarg(args, 'p')) != NULL && arg->val) + cnf->password_days = atoi(arg->val); + + if ((arg = getarg(args, 'g')) != NULL) { + if (!*(p = arg->val)) /* Handle empty group list specially */ + cnf->default_group = ""; + else { + if ((grp = GETGRNAM(p)) == NULL) { + if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) + errx(EX_NOUSER, "group `%s' does not exist", p); + } + cnf->default_group = newstr(grp->gr_name); + } + } + if ((arg = getarg(args, 'L')) != NULL) + cnf->default_class = pw_checkname(arg->val, 0); + + if ((arg = getarg(args, 'G')) != NULL && arg->val) { + for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { + if ((grp = GETGRNAM(p)) == NULL) { + if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) + errx(EX_NOUSER, "group `%s' does not exist", p); + } + sl_add(cnf->groups, newstr(grp->gr_name)); + } + } + + if ((arg = getarg(args, 'k')) != NULL) { + char *tmp = cnf->dotdir = arg->val; + if (*tmp == '/') + tmp++; + if ((fstatat(conf.rootfd, tmp, &st, 0) == -1) || + !S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a directory or " + "does not exist", cnf->dotdir); + } + + if ((arg = getarg(args, 's')) != NULL) + cnf->shell_default = arg->val; + + if ((arg = getarg(args, 'w')) != NULL) + cnf->default_password = boolean_val(arg->val, cnf->default_password); + if (mode == M_ADD && getarg(args, 'D')) { + if (name != NULL) + errx(EX_DATAERR, "can't combine `-D' with `-n name'"); + if ((arg = getarg(args, 'u')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) { + if ((cnf->min_uid = (uid_t) atoi(p)) == 0) + cnf->min_uid = 1000; + if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_uid = (uid_t) atoi(p)) < cnf->min_uid) + cnf->max_uid = 32000; + } + if ((arg = getarg(args, 'i')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) { + if ((cnf->min_gid = (gid_t) atoi(p)) == 0) + cnf->min_gid = 1000; + if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_gid = (gid_t) atoi(p)) < cnf->min_gid) + cnf->max_gid = 32000; + } + + if (write_userconfig(conf.config)) + return (EXIT_SUCCESS); + err(EX_IOERR, "config udpate"); + } + + if (name != NULL) + pwd = GETPWNAM(pw_checkname(name, 0)); + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "user name or id required"); + + /* + * Update require that the user exists + */ + if (mode == M_UPDATE) { + + if (name == NULL && pwd == NULL) /* Try harder */ + pwd = GETPWUID(id); + + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + + if (name == NULL) + name = pwd->pw_name; + + /* + * The rest is edit code + */ + if (conf.newname != NULL) { + if (strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "can't rename `root' account"); + pwd->pw_name = pw_checkname(conf.newname, 0); + edited = 1; + } + + if (id > 0 && isdigit((unsigned char)*arg->val)) { + pwd->pw_uid = (uid_t)id; + edited = 1; + if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "can't change uid of `root' account"); + if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) + warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + } + + if ((arg = getarg(args, 'g')) != NULL && pwd->pw_uid != 0) { /* Already checked this */ + gid_t newgid = (gid_t) GETGRNAM(cnf->default_group)->gr_gid; + if (newgid != pwd->pw_gid) { + edited = 1; + pwd->pw_gid = newgid; + } + } + + if ((arg = getarg(args, 'p')) != NULL) { + if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) { + if (pwd->pw_change != 0) { + pwd->pw_change = 0; + edited = 1; + } + } + else { + time_t now = time(NULL); + time_t expire = parse_date(now, arg->val); + + if (pwd->pw_change != expire) { + pwd->pw_change = expire; + edited = 1; + } + } + } + + if ((arg = getarg(args, 'e')) != NULL) { + if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) { + if (pwd->pw_expire != 0) { + pwd->pw_expire = 0; + edited = 1; + } + } + else { + time_t now = time(NULL); + time_t expire = parse_date(now, arg->val); + + if (pwd->pw_expire != expire) { + pwd->pw_expire = expire; + edited = 1; + } + } + } + + if ((arg = getarg(args, 's')) != NULL) { + char *shell = shell_path(cnf->shelldir, cnf->shells, arg->val); + if (shell == NULL) + shell = ""; + if (strcmp(shell, pwd->pw_shell) != 0) { + pwd->pw_shell = shell; + edited = 1; + } + } + + if (getarg(args, 'L')) { + if (cnf->default_class == NULL) + cnf->default_class = ""; + if (strcmp(pwd->pw_class, cnf->default_class) != 0) { + pwd->pw_class = cnf->default_class; + edited = 1; + } + } + + if ((arg = getarg(args, 'd')) != NULL) { + if (strcmp(pwd->pw_dir, arg->val)) + edited = 1; + if (stat(pwd->pw_dir = arg->val, &st) == -1) { + if (getarg(args, 'm') == NULL && strcmp(pwd->pw_dir, "/nonexistent") != 0) + warnx("WARNING: home `%s' does not exist", pwd->pw_dir); + } else if (!S_ISDIR(st.st_mode)) + warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); + } + + if ((arg = getarg(args, 'w')) != NULL && conf.fd == -1) { + login_cap_t *lc; + + lc = login_getpwclass(pwd); + if (lc == NULL || + login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); + edited = 1; + } + + } else { + login_cap_t *lc; + + /* + * Add code + */ + + if (name == NULL) /* Required */ + errx(EX_DATAERR, "login name required"); + else if ((pwd = GETPWNAM(name)) != NULL) /* Exists */ + errx(EX_DATAERR, "login name `%s' already exists", name); + + /* + * Now, set up defaults for a new user + */ + pwd = &fakeuser; + pwd->pw_name = name; + pwd->pw_class = cnf->default_class ? cnf->default_class : ""; + pwd->pw_uid = pw_uidpolicy(cnf, id); + pwd->pw_gid = pw_gidpolicy(args, pwd->pw_name, (gid_t) pwd->pw_uid); + pwd->pw_change = pw_pwdpolicy(cnf, args); + pwd->pw_expire = pw_exppolicy(cnf, args); + pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name); + pwd->pw_shell = pw_shellpolicy(cnf, args, NULL); + lc = login_getpwclass(pwd); + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); + edited = 1; + + if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) + warnx("WARNING: new account `%s' has a uid of 0 (superuser access!)", pwd->pw_name); + } + + /* + * Shared add/edit code + */ + if (conf.gecos != NULL) { + if (strcmp(pwd->pw_gecos, conf.gecos) != 0) { + pwd->pw_gecos = conf.gecos; + edited = 1; + } + } + + if (conf.fd != -1) + edited = set_passwd(pwd, mode == M_UPDATE); + + /* + * Special case: -N only displays & exits + */ + if (conf.dryrun) + return print_user(pwd); + + if (mode == M_ADD) { + edited = 1; /* Always */ + rc = addpwent(pwd); + if (rc == -1) + errx(EX_IOERR, "user '%s' already exists", + pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd file update"); + if (cnf->nispasswd && *cnf->nispasswd=='/') { + rc = addnispwent(cnf->nispasswd, pwd); + if (rc == -1) + warnx("User '%s' already exists in NIS passwd", pwd->pw_name); + else + warn("NIS passwd update"); + /* NOTE: we treat NIS-only update errors as non-fatal */ + } + } else if (mode == M_UPDATE && edited) /* Only updated this if required */ + perform_chgpwent(name, pwd); + + /* + * Ok, user is created or changed - now edit group file + */ + + if (mode == M_ADD || getarg(args, 'G') != NULL) { + int j; + size_t i; + /* First remove the user from all group */ + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + char group[MAXLOGNAME]; + if (grp->gr_mem == NULL) + continue; + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i] , pwd->pw_name) != 0) + continue; + for (j = i; grp->gr_mem[j] != NULL ; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } + } + ENDGRENT(); + + /* now add to group where needed */ + for (i = 0; i < cnf->groups->sl_cur; i++) { + grp = GETGRNAM(cnf->groups->sl_str[i]); + grp = gr_add(grp, pwd->pw_name); + /* + * grp can only be NULL in 2 cases: + * - the new member is already a member + * - a problem with memory occurs + * in both cases we want to skip now. + */ + if (grp == NULL) + continue; + chggrent(grp->gr_name, grp); + free(grp); + } } + + + /* go get a current version of pwd */ + pwd = GETPWNAM(name); + if (pwd == NULL) { + /* This will fail when we rename, so special case that */ + if (mode == M_UPDATE && conf.newname != NULL) { + name = conf.newname; /* update new name */ + pwd = GETPWNAM(name); /* refetch renamed rec */ + } + } + if (pwd == NULL) /* can't go on without this */ + errx(EX_NOUSER, "user '%s' disappeared during update", name); + + grp = GETGRGID(pwd->pw_gid); + pw_log(cnf, mode, W_USER, "%s(%u):%s(%u):%s:%s:%s", + pwd->pw_name, pwd->pw_uid, + grp ? grp->gr_name : "unknown", (grp ? grp->gr_gid : (uid_t)-1), + pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); + /* - * We need to allocate the next available uid under one of - * two policies a) Grab the first unused uid b) Grab the - * highest possible unused uid + * If adding, let's touch and chown the user's mail file. This is not + * strictly necessary under BSD with a 0755 maildir but it also + * doesn't hurt anything to create the empty mailfile */ - if (cnf->min_uid >= cnf->max_uid) { /* Sanity - * claus^H^H^H^Hheck */ - cnf->min_uid = 1000; - cnf->max_uid = 32000; + if (mode == M_ADD) { + if (PWALTDIR() != PWF_ALT) { + snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, + pwd->pw_name); + close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, + 0600)); /* Preserve contents & mtime */ + fchownat(conf.rootfd, path + 1, pwd->pw_uid, + pwd->pw_gid, AT_SYMLINK_NOFOLLOW); + } } - bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1); /* - * Now, let's fill the bitmap from the password file + * Let's create and populate the user's home directory. Note + * that this also `works' for editing users if -m is used, but + * existing files will *not* be overwritten. */ - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid) - bm_setbit(&bm, pwd->pw_uid - cnf->min_uid); - ENDPWENT(); + if (PWALTDIR() != PWF_ALT && getarg(args, 'm') != NULL && pwd->pw_dir && + *pwd->pw_dir == '/' && pwd->pw_dir[1]) + create_and_populate_homedir(pwd); /* - * Then apply the policy, with fallback to reuse if necessary + * Finally, send mail to the new user as well, if we are asked to */ - if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid) - uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid); + if (mode == M_ADD && !PWALTDIR() && cnf->newmail && *cnf->newmail && (fp = fopen(cnf->newmail, "r")) != NULL) { + FILE *pfp = popen(_PATH_SENDMAIL " -t", "w"); + + if (pfp == NULL) + warn("sendmail"); + else { + fprintf(pfp, "From: root\n" "To: %s\n" "Subject: Welcome!\n\n", pwd->pw_name); + while (fgets(line, sizeof(line), fp) != NULL) { + /* Do substitutions? */ + fputs(line, pfp); + } + pclose(pfp); + pw_log(cnf, mode, W_USER, "%s(%u) new user mail sent", + pwd->pw_name, pwd->pw_uid); + } + fclose(fp); + } + + return EXIT_SUCCESS; +} + + +static uid_t +pw_uidpolicy(struct userconf * cnf, long id) +{ + struct passwd *pwd; + uid_t uid = (uid_t) - 1; /* - * Another sanity check + * Check the given uid, if any */ - if (uid < cnf->min_uid || uid > cnf->max_uid) - errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used"); - bm_dealloc(&bm); - return (uid); + if (id >= 0) { + uid = (uid_t) id; + + if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) + errx(EX_DATAERR, "uid `%u' has already been allocated", pwd->pw_uid); + } else { + struct bitmap bm; + + /* + * We need to allocate the next available uid under one of + * two policies a) Grab the first unused uid b) Grab the + * highest possible unused uid + */ + if (cnf->min_uid >= cnf->max_uid) { /* Sanity + * claus^H^H^H^Hheck */ + cnf->min_uid = 1000; + cnf->max_uid = 32000; + } + bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1); + + /* + * Now, let's fill the bitmap from the password file + */ + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid) + bm_setbit(&bm, pwd->pw_uid - cnf->min_uid); + ENDPWENT(); + + /* + * Then apply the policy, with fallback to reuse if necessary + */ + if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid) + uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid); + + /* + * Another sanity check + */ + if (uid < cnf->min_uid || uid > cnf->max_uid) + errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used"); + bm_dealloc(&bm); + } + return uid; } -static uid_t -pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, gid_t prefer, bool dryrun) + +static uid_t +pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) { struct group *grp; gid_t gid = (uid_t) - 1; + struct carg *a_gid = getarg(args, 'g'); + struct userconf *cnf = conf.userconf; + + /* + * If no arg given, see if default can help out + */ + if (a_gid == NULL && cnf->default_group && *cnf->default_group) + a_gid = addarg(args, 'g', cnf->default_group); /* * Check the given gid, if any */ SETGRENT(); - if (grname) { - if ((grp = GETGRNAM(grname)) == NULL) { - gid = pw_checkid(grname, GID_MAX); - grp = GETGRGID(gid); + if (a_gid != NULL) { + if ((grp = GETGRNAM(a_gid->val)) == NULL) { + gid = (gid_t) atol(a_gid->val); + if ((gid == 0 && !isdigit((unsigned char)*a_gid->val)) || (grp = GETGRGID(gid)) == NULL) + errx(EX_NOUSER, "group `%s' is not defined", a_gid->val); } gid = grp->gr_gid; } else if ((grp = GETGRNAM(nam)) != NULL && (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { - intmax_t grid = -1; + gid_t grid = -1; /* * We need to auto-create a group with the user's name. We @@ -404,27 +892,59 @@ pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, gid_t prefer, bool d */ if (GETGRGID(prefer) == NULL) grid = prefer; - if (dryrun) { + if (conf.dryrun) { gid = pw_groupnext(cnf, true); } else { - if (grid == -1) - grid = pw_groupnext(cnf, true); - groupadd(cnf, nam, grid, NULL, -1, false, false, false); + pw_group(M_ADD, nam, grid, NULL); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; } } ENDGRENT(); - return (gid); + return gid; +} + + +static time_t +pw_pwdpolicy(struct userconf * cnf, struct cargs * args) +{ + time_t result = 0; + time_t now = time(NULL); + struct carg *arg = getarg(args, 'p'); + + if (arg != NULL) { + if ((result = parse_date(now, arg->val)) == now) + errx(EX_DATAERR, "invalid date/time `%s'", arg->val); + } else if (cnf->password_days > 0) + result = now + ((long) cnf->password_days * 86400L); + return result; } -static char * -pw_homepolicy(struct userconf * cnf, char *homedir, const char *user) + +static time_t +pw_exppolicy(struct userconf * cnf, struct cargs * args) { + time_t result = 0; + time_t now = time(NULL); + struct carg *arg = getarg(args, 'e'); + + if (arg != NULL) { + if ((result = parse_date(now, arg->val)) == now) + errx(EX_DATAERR, "invalid date/time `%s'", arg->val); + } else if (cnf->expire_days > 0) + result = now + ((long) cnf->expire_days * 86400L); + return result; +} + + +static char * +pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user) +{ + struct carg *arg = getarg(args, 'd'); static char home[128]; - if (homedir) - return (homedir); + if (arg) + return (arg->val); if (cnf->home == NULL || *cnf->home == '\0') errx(EX_CONFIG, "no base home directory set"); @@ -433,7 +953,7 @@ pw_homepolicy(struct userconf * cnf, char *homedir, const char *user) return (home); } -static char * +static char * shell_path(char const * path, char *shells[], char *sh) { if (sh != NULL && (*sh == '/' || *sh == '\0')) @@ -468,23 +988,29 @@ shell_path(char const * path, char *shells[], char *sh) } } -static char * -pw_shellpolicy(struct userconf * cnf) + +static char * +pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell) { + char *sh = newshell; + struct carg *arg = getarg(args, 's'); - return shell_path(cnf->shelldir, cnf->shells, cnf->shell_default); + if (newshell == NULL && arg != NULL) + sh = arg->val; + return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default); } #define SALTSIZE 32 static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"; -char * +char * pw_pwcrypt(char *password) { int i; char salt[SALTSIZE + 1]; char *cryptpw; + static char buf[256]; /* @@ -500,8 +1026,9 @@ pw_pwcrypt(char *password) return strcpy(buf, cryptpw); } -static char * -pw_password(struct userconf * cnf, char const * user, bool dryrun) + +static char * +pw_password(struct userconf * cnf, char const * user) { int i, l; char pwbuf[32]; @@ -516,7 +1043,7 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun) /* * We give this information back to the user */ - if (conf.fd == -1 && !dryrun) { + if (conf.fd == -1 && !conf.dryrun) { if (isatty(STDOUT_FILENO)) printf("Password for '%s' is: ", user); printf("%s\n", pwbuf); @@ -539,78 +1066,201 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun) } static int -print_user(struct passwd * pwd, bool pretty, bool v7) +pw_userdel(char *name, long id) { - int j; - char *p; - struct group *grp = GETGRGID(pwd->pw_gid); - char uname[60] = "User &", office[60] = "[None]", - wphone[60] = "[None]", hphone[60] = "[None]"; - char acexpire[32] = "[None]", pwexpire[32] = "[None]"; - struct tm * tptr; - - if (!pretty) { - p = v7 ? pw_make_v7(pwd) : pw_make(pwd); - printf("%s\n", p); - free(p); - return (EXIT_SUCCESS); + struct passwd *pwd = NULL; + char file[MAXPATHLEN]; + char home[MAXPATHLEN]; + uid_t uid; + struct group *gr, *grp; + char grname[LOGNAMESIZE]; + int rc; + struct stat st; + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); } + uid = pwd->pw_uid; + if (name == NULL) + name = pwd->pw_name; - if ((p = strtok(pwd->pw_gecos, ",")) != NULL) { - strlcpy(uname, p, sizeof(uname)); - if ((p = strtok(NULL, ",")) != NULL) { - strlcpy(office, p, sizeof(office)); - if ((p = strtok(NULL, ",")) != NULL) { - strlcpy(wphone, p, sizeof(wphone)); - if ((p = strtok(NULL, "")) != NULL) { - strlcpy(hphone, p, sizeof(hphone)); - } - } + if (strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "cannot remove user 'root'"); + + /* Remove opie record from /etc/opiekeys */ + + if (PWALTDIR() != PWF_ALT) + rmopie(pwd->pw_name); + + if (!PWALTDIR()) { + /* Remove crontabs */ + snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); + if (access(file, F_OK) == 0) { + snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); + system(file); } } /* - * Handle '&' in gecos field + * Save these for later, since contents of pwd may be + * invalidated by deletion */ - if ((p = strchr(uname, '&')) != NULL) { - int l = strlen(pwd->pw_name); - int m = strlen(p); + snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name); + strlcpy(home, pwd->pw_dir, sizeof(home)); + gr = GETGRGID(pwd->pw_gid); + if (gr != NULL) + strlcpy(grname, gr->gr_name, LOGNAMESIZE); + else + grname[0] = '\0'; - memmove(p + l, p + 1, m); - memmove(p, pwd->pw_name, l); - *p = (char) toupper((unsigned char)*p); + rc = delpwent(pwd); + if (rc == -1) + err(EX_IOERR, "user '%s' does not exist", pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd update"); + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd=='/') { + rc = delnispwent(conf.userconf->nispasswd, name); + if (rc == -1) + warnx("WARNING: user '%s' does not exist in NIS passwd", + pwd->pw_name); + else if (rc != 0) + warn("WARNING: NIS passwd update"); + /* non-fatal */ } - if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL) - strftime(acexpire, sizeof acexpire, "%c", tptr); + + grp = GETGRNAM(name); + if (grp != NULL && + (grp->gr_mem == NULL || *grp->gr_mem == NULL) && + strcmp(name, grname) == 0) + delgrent(GETGRNAM(name)); + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + int i, j; + char group[MAXLOGNAME]; + if (grp->gr_mem == NULL) + continue; + + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i], name) != 0) + continue; + + for (j = i; grp->gr_mem[j] != NULL; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } + } + ENDGRENT(); + + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, + uid); + + /* Remove mail file */ + if (PWALTDIR() != PWF_ALT) + unlinkat(conf.rootfd, file + 1, 0); + + /* Remove at jobs */ + if (!PWALTDIR() && getpwuid(uid) == NULL) + rmat(uid); + + /* Remove home directory and contents */ + if (PWALTDIR() != PWF_ALT && conf.deletehome && *home == '/' && + getpwuid(uid) == NULL && + fstatat(conf.rootfd, home + 1, &st, 0) != -1) { + rm_r(conf.rootfd, home, uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %s" + "removed", name, uid, home, + fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " + "completely "); + } + + return (EXIT_SUCCESS); +} + +static int +print_user(struct passwd * pwd) +{ + if (!conf.pretty) { + char *buf; + + buf = conf.v7 ? pw_make_v7(pwd) : pw_make(pwd); + printf("%s\n", buf); + free(buf); + } else { + int j; + char *p; + struct group *grp = GETGRGID(pwd->pw_gid); + char uname[60] = "User &", office[60] = "[None]", + wphone[60] = "[None]", hphone[60] = "[None]"; + char acexpire[32] = "[None]", pwexpire[32] = "[None]"; + struct tm * tptr; + + if ((p = strtok(pwd->pw_gecos, ",")) != NULL) { + strlcpy(uname, p, sizeof(uname)); + if ((p = strtok(NULL, ",")) != NULL) { + strlcpy(office, p, sizeof(office)); + if ((p = strtok(NULL, ",")) != NULL) { + strlcpy(wphone, p, sizeof(wphone)); + if ((p = strtok(NULL, "")) != NULL) { + strlcpy(hphone, p, + sizeof(hphone)); + } + } + } + } + /* + * Handle '&' in gecos field + */ + if ((p = strchr(uname, '&')) != NULL) { + int l = strlen(pwd->pw_name); + int m = strlen(p); + + memmove(p + l, p + 1, m); + memmove(p, pwd->pw_name, l); + *p = (char) toupper((unsigned char)*p); + } + if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL) + strftime(acexpire, sizeof acexpire, "%c", tptr); if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) - strftime(pwexpire, sizeof pwexpire, "%c", tptr); - printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" - " Full Name: %s\n" - " Home: %-26.26s Class: %s\n" - " Shell: %-26.26s Office: %s\n" - "Work Phone: %-26.26s Home Phone: %s\n" - "Acc Expire: %-26.26s Pwd Expire: %s\n", - pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, - uname, pwd->pw_dir, pwd->pw_class, - pwd->pw_shell, office, wphone, hphone, - acexpire, pwexpire); - SETGRENT(); - j = 0; - while ((grp=GETGRENT()) != NULL) { - int i = 0; - if (grp->gr_mem != NULL) { - while (grp->gr_mem[i] != NULL) { - if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) { - printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); - break; + strftime(pwexpire, sizeof pwexpire, "%c", tptr); + printf("Login Name: %-15s #%-12u Group: %-15s #%u\n" + " Full Name: %s\n" + " Home: %-26.26s Class: %s\n" + " Shell: %-26.26s Office: %s\n" + "Work Phone: %-26.26s Home Phone: %s\n" + "Acc Expire: %-26.26s Pwd Expire: %s\n", + pwd->pw_name, pwd->pw_uid, + grp ? grp->gr_name : "(invalid)", pwd->pw_gid, + uname, pwd->pw_dir, pwd->pw_class, + pwd->pw_shell, office, wphone, hphone, + acexpire, pwexpire); + SETGRENT(); + j = 0; + while ((grp=GETGRENT()) != NULL) + { + int i = 0; + if (grp->gr_mem != NULL) { + while (grp->gr_mem[i] != NULL) + { + if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) + { + printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); + break; + } + ++i; } - ++i; } } + ENDGRENT(); + printf("%s", j ? "\n" : ""); } - ENDGRENT(); - printf("%s", j ? "\n" : ""); - return (EXIT_SUCCESS); + return EXIT_SUCCESS; } char * @@ -666,12 +1316,13 @@ pw_checkname(char *name, int gecos) showch, (ch - name), showtype); } if (!gecos && (ch - name) > LOGNAMESIZE) - errx(EX_USAGE, "name too long `%s' (max is %d)", name, + errx(EX_DATAERR, "name too long `%s' (max is %d)", name, LOGNAMESIZE); return (name); } + static void rmat(uid_t uid) { @@ -689,8 +1340,7 @@ rmat(uid_t uid) st.st_uid == uid) { char tmp[MAXPATHLEN]; - snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", - e->d_name); + snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); system(tmp); } } @@ -727,1082 +1377,3 @@ rmopie(char const * name) */ fclose(fp); } - -int -pw_user_next(int argc, char **argv, char *name __unused) -{ - struct userconf *cnf = NULL; - const char *cfg = NULL; - int ch; - bool quiet = false; - uid_t next; - - while ((ch = getopt(argc, argv, "Cq")) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - } - } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - cnf = get_userconfig(cfg); - - next = pw_uidpolicy(cnf, -1); - - printf("%ju:", (uintmax_t)next); - pw_groupnext(cnf, quiet); - - return (EXIT_SUCCESS); -} - -int -pw_user_show(int argc, char **argv, char *arg1) -{ - struct passwd *pwd = NULL; - char *name = NULL; - intmax_t id = -1; - int ch; - bool all = false; - bool pretty = false; - bool force = false; - bool v7 = false; - bool quiet = false; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, UID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, "C:qn:u:FPa7")) != -1) { - switch (ch) { - case 'C': - /* ignore compatibility */ - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'u': - id = pw_checkid(optarg, UID_MAX); - break; - case 'F': - force = true; - break; - case 'P': - pretty = true; - break; - case 'a': - all = true; - break; - case 7: - v7 = true; - break; - } - } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - if (all) { - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - print_user(pwd, pretty, v7); - ENDPWENT(); - return (EXIT_SUCCESS); - } - - if (id < 0 && name == NULL) - errx(EX_DATAERR, "username or id required"); - - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); - if (pwd == NULL) { - if (force) { - pwd = &fakeuser; - } else { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ju'", - (uintmax_t) id); - errx(EX_NOUSER, "no such user `%s'", name); - } - } - - return (print_user(pwd, pretty, v7)); -} - -int -pw_user_del(int argc, char **argv, char *arg1) -{ - struct userconf *cnf = NULL; - struct passwd *pwd = NULL; - struct group *gr, *grp; - char *name = NULL; - char grname[MAXLOGNAME]; - char *nispasswd = NULL; - char file[MAXPATHLEN]; - char home[MAXPATHLEN]; - const char *cfg = NULL; - struct stat st; - intmax_t id = -1; - int ch, rc; - bool nis = false; - bool deletehome = false; - bool quiet = false; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, UID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, "C:qn:u:rYy:")) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'u': - id = pw_checkid(optarg, UID_MAX); - break; - case 'r': - deletehome = true; - break; - case 'y': - nispasswd = optarg; - break; - case 'Y': - nis = true; - break; - } - } - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - if (id < 0 && name == NULL) - errx(EX_DATAERR, "username or id required"); - - cnf = get_userconfig(cfg); - - if (nispasswd == NULL) - nispasswd = cnf->nispasswd; - - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); - if (pwd == NULL) { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); - errx(EX_NOUSER, "no such user `%s'", name); - } - - if (PWF._altdir == PWF_REGULAR && - ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) { - if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { - if (!nis && nispasswd && *nispasswd != '/') - errx(EX_NOUSER, "Cannot remove NIS user `%s'", - name); - } else { - errx(EX_NOUSER, "Cannot remove non local user `%s'", - name); - } - } - - id = pwd->pw_uid; - if (name == NULL) - name = pwd->pw_name; - - if (strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "cannot remove user 'root'"); - - /* Remove opie record from /etc/opiekeys */ - if (PWALTDIR() != PWF_ALT) - rmopie(pwd->pw_name); - - if (!PWALTDIR()) { - /* Remove crontabs */ - snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); - if (access(file, F_OK) == 0) { - snprintf(file, sizeof(file), "crontab -u %s -r", - pwd->pw_name); - system(file); - } - } - - /* - * Save these for later, since contents of pwd may be - * invalidated by deletion - */ - snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name); - strlcpy(home, pwd->pw_dir, sizeof(home)); - gr = GETGRGID(pwd->pw_gid); - if (gr != NULL) - strlcpy(grname, gr->gr_name, LOGNAMESIZE); - else - grname[0] = '\0'; - - rc = delpwent(pwd); - if (rc == -1) - err(EX_IOERR, "user '%s' does not exist", pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd update"); - - if (nis && nispasswd && *nispasswd=='/') { - rc = delnispwent(nispasswd, name); - if (rc == -1) - warnx("WARNING: user '%s' does not exist in NIS passwd", - pwd->pw_name); - else if (rc != 0) - warn("WARNING: NIS passwd update"); - } - - grp = GETGRNAM(name); - if (grp != NULL && - (grp->gr_mem == NULL || *grp->gr_mem == NULL) && - strcmp(name, grname) == 0) - delgrent(GETGRNAM(name)); - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - int i, j; - char group[MAXLOGNAME]; - if (grp->gr_mem == NULL) - continue; - - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i], name) != 0) - continue; - - for (j = i; grp->gr_mem[j] != NULL; j++) - grp->gr_mem[j] = grp->gr_mem[j+1]; - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); - } - } - ENDGRENT(); - - pw_log(cnf, M_DELETE, W_USER, "%s(%ju) account removed", name, - (uintmax_t)id); - - /* Remove mail file */ - if (PWALTDIR() != PWF_ALT) - unlinkat(conf.rootfd, file + 1, 0); - - /* Remove at jobs */ - if (!PWALTDIR() && getpwuid(id) == NULL) - rmat(id); - - /* Remove home directory and contents */ - if (PWALTDIR() != PWF_ALT && deletehome && *home == '/' && - GETPWUID(id) == NULL && - fstatat(conf.rootfd, home + 1, &st, 0) != -1) { - rm_r(conf.rootfd, home, id); - pw_log(cnf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" - "removed", name, (uintmax_t)id, home, - fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " - "completely "); - } - - return (EXIT_SUCCESS); -} - -int -pw_user_lock(int argc, char **argv, char *arg1) -{ - int ch; - - while ((ch = getopt(argc, argv, "Cq")) != -1) { - switch (ch) { - case 'C': - case 'q': - /* compatibility */ - break; - } - } - - return (pw_userlock(arg1, M_LOCK)); -} - -int -pw_user_unlock(int argc, char **argv, char *arg1) -{ - int ch; - - while ((ch = getopt(argc, argv, "Cq")) != -1) { - switch (ch) { - case 'C': - case 'q': - /* compatibility */ - break; - } - } - - return (pw_userlock(arg1, M_UNLOCK)); -} - -static struct group * -group_from_name_or_id(char *name) -{ - const char *errstr = NULL; - struct group *grp; - uintmax_t id; - - if ((grp = GETGRNAM(name)) == NULL) { - id = strtounum(name, 0, GID_MAX, &errstr); - if (errstr) - errx(EX_NOUSER, "group `%s' does not exist", name); - grp = GETGRGID(id); - if (grp == NULL) - errx(EX_NOUSER, "group `%s' does not exist", name); - } - - return (grp); -} - -static void -split_groups(StringList **groups, char *groupsstr) -{ - struct group *grp; - char *p; - char tok[] = ", \t"; - - for (p = strtok(groupsstr, tok); p != NULL; p = strtok(NULL, tok)) { - grp = group_from_name_or_id(p); - if (*groups == NULL) - *groups = sl_init(); - sl_add(*groups, newstr(grp->gr_name)); - } -} - -static void -validate_grname(struct userconf *cnf, char *group) -{ - struct group *grp; - - if (group == NULL || *group == '\0') { - cnf->default_group = ""; - return; - } - grp = group_from_name_or_id(group); - cnf->default_group = newstr(grp->gr_name); -} - -static mode_t -validate_mode(char *mode) -{ - mode_t m; - void *set; - - if ((set = setmode(mode)) == NULL) - errx(EX_DATAERR, "invalid directory creation mode '%s'", mode); - - m = getmode(set, _DEF_DIRMODE); - free(set); - return (m); -} - -static void -mix_config(struct userconf *cmdcnf, struct userconf *cfg) -{ - - if (cmdcnf->default_password == 0) - cmdcnf->default_password = cfg->default_password; - if (cmdcnf->reuse_uids == 0) - cmdcnf->reuse_uids = cfg->reuse_uids; - if (cmdcnf->reuse_gids == 0) - cmdcnf->reuse_gids = cfg->reuse_gids; - if (cmdcnf->nispasswd == NULL) - cmdcnf->nispasswd = cfg->nispasswd; - if (cmdcnf->dotdir == NULL) - cmdcnf->dotdir = cfg->dotdir; - if (cmdcnf->newmail == NULL) - cmdcnf->newmail = cfg->newmail; - if (cmdcnf->logfile == NULL) - cmdcnf->logfile = cfg->logfile; - if (cmdcnf->home == NULL) - cmdcnf->home = cfg->home; - if (cmdcnf->homemode == 0) - cmdcnf->homemode = cfg->homemode; - if (cmdcnf->shelldir == NULL) - cmdcnf->shelldir = cfg->shelldir; - if (cmdcnf->shells == NULL) - cmdcnf->shells = cfg->shells; - if (cmdcnf->shell_default == NULL) - cmdcnf->shell_default = cfg->shell_default; - if (cmdcnf->default_group == NULL) - cmdcnf->default_group = cfg->default_group; - if (cmdcnf->groups == NULL) - cmdcnf->groups = cfg->groups; - if (cmdcnf->default_class == NULL) - cmdcnf->default_class = cfg->default_class; - if (cmdcnf->min_uid == 0) - cmdcnf->min_uid = cfg->min_uid; - if (cmdcnf->max_uid == 0) - cmdcnf->max_uid = cfg->max_uid; - if (cmdcnf->min_gid == 0) - cmdcnf->min_gid = cfg->min_gid; - if (cmdcnf->max_gid == 0) - cmdcnf->max_gid = cfg->max_gid; - if (cmdcnf->expire_days == 0) - cmdcnf->expire_days = cfg->expire_days; - if (cmdcnf->password_days == 0) - cmdcnf->password_days = cfg->password_days; -} - -int -pw_user_add(int argc, char **argv, char *arg1) -{ - struct userconf *cnf, *cmdcnf; - struct passwd *pwd; - struct group *grp; - struct stat st; - char args[] = "C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y"; - char line[_PASSWORD_LEN+1], path[MAXPATHLEN]; - char *gecos, *homedir, *skel, *walk, *userid, *groupid, *grname; - char *default_passwd, *name, *p; - const char *cfg; - login_cap_t *lc; - FILE *pfp, *fp; - intmax_t id = -1; - time_t now; - int rc, ch, fd = -1; - size_t i; - bool dryrun, nis, pretty, quiet, createhome, precrypted, genconf; - - dryrun = nis = pretty = quiet = createhome = precrypted = false; - genconf = false; - gecos = homedir = skel = userid = groupid = default_passwd = NULL; - grname = name = NULL; - - if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL) - err(EXIT_FAILURE, "calloc()"); - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, UID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, args)) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'u': - userid = optarg; - break; - case 'c': - gecos = pw_checkname(optarg, 1); - break; - case 'd': - homedir = optarg; - break; - case 'e': - now = time(NULL); - cmdcnf->expire_days = parse_date(now, optarg); - break; - case 'p': - now = time(NULL); - cmdcnf->password_days = parse_date(now, optarg); - break; - case 'g': - validate_grname(cmdcnf, optarg); - grname = optarg; - break; - case 'G': - split_groups(&cmdcnf->groups, optarg); - break; - case 'm': - createhome = true; - break; - case 'M': - cmdcnf->homemode = validate_mode(optarg); - break; - case 'k': - walk = skel = optarg; - if (*walk == '/') - walk++; - if (fstatat(conf.rootfd, walk, &st, 0) == -1) - errx(EX_OSFILE, "skeleton `%s' does not " - "exists", skel); - if (!S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a " - "directory", skel); - cmdcnf->dotdir = skel; - break; - case 's': - cmdcnf->shell_default = optarg; - break; - case 'o': - conf.checkduplicate = false; - break; - case 'L': - cmdcnf->default_class = pw_checkname(optarg, 0); - break; - case 'i': - groupid = optarg; - break; - case 'w': - default_passwd = optarg; - break; - case 'H': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - precrypted = true; - if (fd == '-') - errx(EX_USAGE, "-H expects a file descriptor"); - break; - case 'h': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - break; - case 'D': - genconf = true; - break; - case 'b': - cmdcnf->home = optarg; - break; - case 'N': - dryrun = true; - break; - case 'P': - pretty = true; - break; - case 'y': - cmdcnf->nispasswd = optarg; - break; - case 'Y': - nis = true; - break; - } - } - - if (geteuid() != 0 && ! dryrun) - errx(EX_NOPERM, "you must be root"); - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - cnf = get_userconfig(cfg); - - mix_config(cmdcnf, cnf); - if (default_passwd) - cmdcnf->default_password = boolean_val(default_passwd, - cnf->default_password); - if (genconf) { - if (name != NULL) - errx(EX_DATAERR, "can't combine `-D' with `-n name'"); - if (userid != NULL) { - if ((p = strtok(userid, ", \t")) != NULL) - cmdcnf->min_uid = pw_checkid(p, UID_MAX); - if (cmdcnf->min_uid == 0) - cmdcnf->min_uid = 1000; - if ((p = strtok(NULL, " ,\t")) != NULL) - cmdcnf->max_uid = pw_checkid(p, UID_MAX); - if (cmdcnf->max_uid == 0) - cmdcnf->max_uid = 32000; - } - if (groupid != NULL) { - if ((p = strtok(groupid, ", \t")) != NULL) - cmdcnf->min_gid = pw_checkid(p, GID_MAX); - if (cmdcnf->min_gid == 0) - cmdcnf->min_gid = 1000; - if ((p = strtok(NULL, " ,\t")) != NULL) - cmdcnf->max_gid = pw_checkid(p, GID_MAX); - if (cmdcnf->max_gid == 0) - cmdcnf->max_gid = 32000; - } - if (write_userconfig(cmdcnf, cfg)) - return (EXIT_SUCCESS); - err(EX_IOERR, "config update"); - } - - if (userid) - id = pw_checkid(userid, UID_MAX); - if (id < 0 && name == NULL) - errx(EX_DATAERR, "user name or id required"); - - if (name == NULL) - errx(EX_DATAERR, "login name required"); - - if (GETPWNAM(name) != NULL) - errx(EX_DATAERR, "login name `%s' already exists", name); - - pwd = &fakeuser; - pwd->pw_name = name; - pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : ""; - pwd->pw_uid = pw_uidpolicy(cmdcnf, id); - pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name, - (gid_t) pwd->pw_uid, dryrun); - pwd->pw_change = cmdcnf->password_days; - pwd->pw_expire = cmdcnf->expire_days; - pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name); - pwd->pw_shell = pw_shellpolicy(cmdcnf); - lc = login_getpwclass(pwd); - if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_password(cmdcnf, pwd->pw_name, dryrun); - if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: new account `%s' has a uid of 0 " - "(superuser access!)", pwd->pw_name); - if (gecos) - pwd->pw_gecos = gecos; - - if (fd != -1) - pw_set_passwd(pwd, fd, precrypted, false); - - if (dryrun) - return (print_user(pwd, pretty, false)); - - if ((rc = addpwent(pwd)) != 0) { - if (rc == -1) - errx(EX_IOERR, "user '%s' already exists", - pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd file update"); - } - if (nis && cmdcnf->nispasswd && *cmdcnf->nispasswd == '/') { - printf("%s\n", cmdcnf->nispasswd); - rc = addnispwent(cmdcnf->nispasswd, pwd); - if (rc == -1) - warnx("User '%s' already exists in NIS passwd", - pwd->pw_name); - else if (rc != 0) - warn("NIS passwd update"); - /* NOTE: we treat NIS-only update errors as non-fatal */ - } - - if (cmdcnf->groups != NULL) { - for (i = 0; i < cmdcnf->groups->sl_cur; i++) { - grp = GETGRNAM(cmdcnf->groups->sl_str[i]); - grp = gr_add(grp, pwd->pw_name); - /* - * grp can only be NULL in 2 cases: - * - the new member is already a member - * - a problem with memory occurs - * in both cases we want to skip now. - */ - if (grp == NULL) - continue; - chggrent(grp->gr_name, grp); - free(grp); - } - } - - pwd = GETPWNAM(name); - if (pwd == NULL) - errx(EX_NOUSER, "user '%s' disappeared during update", name); - - grp = GETGRGID(pwd->pw_gid); - pw_log(cnf, M_ADD, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", - pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "unknown", - (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), - pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); - - /* - * let's touch and chown the user's mail file. This is not - * strictly necessary under BSD with a 0755 maildir but it also - * doesn't hurt anything to create the empty mailfile - */ - if (PWALTDIR() != PWF_ALT) { - snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, - pwd->pw_name); - /* Preserve contents & mtime */ - close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, 0600)); - fchownat(conf.rootfd, path + 1, pwd->pw_uid, pwd->pw_gid, - AT_SYMLINK_NOFOLLOW); - } - - /* - * Let's create and populate the user's home directory. Note - * that this also `works' for editing users if -m is used, but - * existing files will *not* be overwritten. - */ - if (PWALTDIR() != PWF_ALT && createhome && pwd->pw_dir && - *pwd->pw_dir == '/' && pwd->pw_dir[1]) - create_and_populate_homedir(cmdcnf, pwd, cmdcnf->dotdir, - cmdcnf->homemode, false); - - if (!PWALTDIR() && cmdcnf->newmail && *cmdcnf->newmail && - (fp = fopen(cnf->newmail, "r")) != NULL) { - if ((pfp = popen(_PATH_SENDMAIL " -t", "w")) == NULL) - warn("sendmail"); - else { - fprintf(pfp, "From: root\n" "To: %s\n" - "Subject: Welcome!\n\n", pwd->pw_name); - while (fgets(line, sizeof(line), fp) != NULL) { - /* Do substitutions? */ - fputs(line, pfp); - } - pclose(pfp); - pw_log(cnf, M_ADD, W_USER, "%s(%ju) new user mail sent", - pwd->pw_name, (uintmax_t)pwd->pw_uid); - } - fclose(fp); - } - - if (nis && nis_update() == 0) - pw_log(cnf, M_ADD, W_USER, "NIS maps updated"); - - return (EXIT_SUCCESS); -} - -int -pw_user_mod(int argc, char **argv, char *arg1) -{ - struct userconf *cnf; - struct passwd *pwd; - struct group *grp; - StringList *groups = NULL; - char args[] = "C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:NPYy:"; - const char *cfg; - char *gecos, *homedir, *grname, *name, *newname, *walk, *skel, *shell; - char *passwd, *class, *nispasswd; - login_cap_t *lc; - struct stat st; - intmax_t id = -1; - int ch, fd = -1; - size_t i, j; - bool quiet, createhome, pretty, dryrun, nis, edited, docreatehome; - bool precrypted; - mode_t homemode = 0; - time_t expire_days, password_days, now; - - expire_days = password_days = -1; - gecos = homedir = grname = name = newname = skel = shell =NULL; - passwd = NULL; - class = nispasswd = NULL; - quiet = createhome = pretty = dryrun = nis = precrypted = false; - edited = docreatehome = false; - - if (arg1 != NULL) { - if (arg1[strspn(arg1, "0123456789")] == '\0') - id = pw_checkid(arg1, UID_MAX); - else - name = arg1; - } - - while ((ch = getopt(argc, argv, args)) != -1) { - switch (ch) { - case 'C': - cfg = optarg; - break; - case 'q': - quiet = true; - break; - case 'n': - name = optarg; - break; - case 'u': - id = pw_checkid(optarg, UID_MAX); - break; - case 'c': - gecos = pw_checkname(optarg, 1); - break; - case 'd': - homedir = optarg; - break; - case 'e': - now = time(NULL); - expire_days = parse_date(now, optarg); - break; - case 'p': - now = time(NULL); - password_days = parse_date(now, optarg); - break; - case 'g': - group_from_name_or_id(optarg); - grname = optarg; - break; - case 'G': - split_groups(&groups, optarg); - break; - case 'm': - createhome = true; - break; - case 'M': - homemode = validate_mode(optarg); - break; - case 'l': - newname = optarg; - break; - case 'k': - walk = skel = optarg; - if (*walk == '/') - walk++; - if (fstatat(conf.rootfd, walk, &st, 0) == -1) - errx(EX_OSFILE, "skeleton `%s' does not " - "exists", skel); - if (!S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a " - "directory", skel); - break; - case 's': - shell = optarg; - break; - case 'w': - passwd = optarg; - break; - case 'L': - class = pw_checkname(optarg, 0); - break; - case 'H': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - precrypted = true; - if (fd == '-') - errx(EX_USAGE, "-H expects a file descriptor"); - break; - case 'h': - if (fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - fd = pw_checkfd(optarg); - break; - case 'N': - dryrun = true; - break; - case 'P': - pretty = true; - break; - case 'y': - nispasswd = optarg; - break; - case 'Y': - nis = true; - break; - } - } - - if (geteuid() != 0 && ! dryrun) - errx(EX_NOPERM, "you must be root"); - - if (quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - cnf = get_userconfig(cfg); - - if (id < 0 && name == NULL) - errx(EX_DATAERR, "username or id required"); - - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); - if (pwd == NULL) { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ju'", - (uintmax_t) id); - errx(EX_NOUSER, "no such user `%s'", name); - } - - if (name == NULL) - name = pwd->pw_name; - - if (nis && nispasswd == NULL) - nispasswd = cnf->nispasswd; - - if (PWF._altdir == PWF_REGULAR && - ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) { - if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { - if (!nis && nispasswd && *nispasswd != '/') - errx(EX_NOUSER, "Cannot modify NIS user `%s'", - name); - } else { - errx(EX_NOUSER, "Cannot modify non local user `%s'", - name); - } - } - - if (newname) { - if (strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "can't rename `root' account"); - if (strcmp(pwd->pw_name, newname) != 0) { - pwd->pw_name = pw_checkname(newname, 0); - edited = true; - } - } - - if (id > 0 && pwd->pw_uid != id) { - pwd->pw_uid = id; - edited = true; - if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "can't change uid of `root' account"); - if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: account `%s' will have a uid of 0 " - "(superuser access!)", pwd->pw_name); - } - - if (grname && pwd->pw_uid != 0) { - grp = GETGRNAM(grname); - if (grp == NULL) - grp = GETGRGID(pw_checkid(grname, GID_MAX)); - if (grp->gr_gid != pwd->pw_gid) { - pwd->pw_gid = grp->gr_gid; - edited = true; - } - } - - if (password_days >= 0 && pwd->pw_change != password_days) { - pwd->pw_change = password_days; - edited = true; - } - - if (expire_days >= 0 && pwd->pw_expire != expire_days) { - pwd->pw_expire = expire_days; - edited = true; - } - - if (shell) { - shell = shell_path(cnf->shelldir, cnf->shells, shell); - if (shell == NULL) - shell = ""; - if (strcmp(shell, pwd->pw_shell) != 0) { - pwd->pw_shell = shell; - edited = true; - } - } - - if (class && strcmp(pwd->pw_class, class) != 0) { - pwd->pw_class = class; - edited = true; - } - - if (homedir && strcmp(pwd->pw_dir, homedir) != 0) { - pwd->pw_dir = homedir; - edited = true; - if (fstatat(conf.rootfd, pwd->pw_dir, &st, 0) == -1) { - if (!createhome) - warnx("WARNING: home `%s' does not exist", - pwd->pw_dir); - else - docreatehome = true; - } else if (!S_ISDIR(st.st_mode)) { - warnx("WARNING: home `%s' is not a directory", - pwd->pw_dir); - } - } - - if (passwd && conf.fd == -1) { - lc = login_getpwclass(pwd); - if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - cnf->default_password = boolean_val(passwd, - cnf->default_password); - pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun); - edited = true; - } - - if (gecos && strcmp(pwd->pw_gecos, gecos) != 0) { - pwd->pw_gecos = gecos; - edited = true; - } - - if (fd != -1) - edited = pw_set_passwd(pwd, fd, precrypted, true); - - if (dryrun) - return (print_user(pwd, pretty, false)); - - if (edited) /* Only updated this if required */ - perform_chgpwent(name, pwd, nis ? nispasswd : NULL); - /* Now perform the needed changes concern groups */ - if (groups != NULL) { - /* Delete User from groups using old name */ - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - if (grp->gr_mem == NULL) - continue; - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i] , name) != 0) - continue; - for (j = i; grp->gr_mem[j] != NULL ; j++) - grp->gr_mem[j] = grp->gr_mem[j+1]; - chggrent(grp->gr_name, grp); - break; - } - } - ENDGRENT(); - /* Add the user to the needed groups */ - for (i = 0; i < groups->sl_cur; i++) { - grp = GETGRNAM(groups->sl_str[i]); - grp = gr_add(grp, pwd->pw_name); - if (grp == NULL) - continue; - chggrent(grp->gr_name, grp); - free(grp); - } - } - /* In case of rename we need to walk over the different groups */ - if (newname) { - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - if (grp->gr_mem == NULL) - continue; - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i], name) != 0) - continue; - grp->gr_mem[i] = newname; - chggrent(grp->gr_name, grp); - break; - } - } - } - - /* go get a current version of pwd */ - if (newname) - name = newname; - pwd = GETPWNAM(name); - if (pwd == NULL) - errx(EX_NOUSER, "user '%s' disappeared during update", name); - grp = GETGRGID(pwd->pw_gid); - pw_log(cnf, M_UPDATE, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", - pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "unknown", - (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), - pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); - - /* - * Let's create and populate the user's home directory. Note - * that this also `works' for editing users if -m is used, but - * existing files will *not* be overwritten. - */ - if (PWALTDIR() != PWF_ALT && docreatehome && pwd->pw_dir && - *pwd->pw_dir == '/' && pwd->pw_dir[1]) { - if (!skel) - skel = cnf->dotdir; - if (homemode == 0) - homemode = cnf->homemode; - create_and_populate_homedir(cnf, pwd, skel, homemode, true); - } - - if (nis && nis_update() == 0) - pw_log(cnf, M_UPDATE, W_USER, "NIS maps updated"); - - return (EXIT_SUCCESS); -} diff --git a/pw/pw_utils.c b/pw/pw_utils.c deleted file mode 100644 index 1a4f812..0000000 --- a/pw/pw_utils.c +++ /dev/null @@ -1,99 +0,0 @@ -/*- - * Copyright (C) 2015 Baptiste Daroussin <bapt@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer - * in this position and unchanged. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/wait.h> - -#include <err.h> -#include <inttypes.h> -#include <sysexits.h> -#include <limits.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "pw.h" - -int -pw_checkfd(char *nptr) -{ - const char *errstr; - int fd = -1; - - if (strcmp(nptr, "-") == 0) - return '-'; - fd = strtonum(nptr, 0, INT_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "Bad file descriptor '%s': %s", - nptr, errstr); - return (fd); -} - -uintmax_t -pw_checkid(char *nptr, uintmax_t maxval) -{ - const char *errstr = NULL; - uintmax_t id; - - id = strtounum(nptr, 0, maxval, &errstr); - if (errstr) - errx(EX_USAGE, "Bad id '%s': %s", nptr, errstr); - return (id); -} - -struct userconf * -get_userconfig(const char *config) -{ - char defaultcfg[MAXPATHLEN]; - - if (config != NULL) - return (read_userconfig(config)); - snprintf(defaultcfg, sizeof(defaultcfg), "%s/pw.conf", conf.etcpath); - return (read_userconfig(defaultcfg)); -} - -int -nis_update(void) { - pid_t pid; - int i; - - fflush(NULL); - if ((pid = fork()) == -1) { - warn("fork()"); - return (1); - } - if (pid == 0) { - execlp("/usr/bin/make", "make", "-C", "/var/yp/", (char*) NULL); - _exit(1); - } - waitpid(pid, &i, 0); - if ((i = WEXITSTATUS(i)) != 0) - errx(i, "make exited with status %d", i); - return (i); -} @@ -29,16 +29,18 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include <sys/wait.h> - -#include <err.h> -#include <errno.h> -#include <pwd.h> -#include <libutil.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <pwd.h> +#include <libutil.h> +#include <errno.h> +#include <err.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/param.h> +#include <sys/wait.h> #include "pwupd.h" @@ -76,16 +76,29 @@ struct userconf { char *default_class; /* Default user class */ uid_t min_uid, max_uid; /* Allowed range of uids */ gid_t min_gid, max_gid; /* Allowed range of gids */ - time_t expire_days; /* Days to expiry */ - time_t password_days; /* Days to password expiry */ + int expire_days; /* Days to expiry */ + int password_days; /* Days to password expiry */ }; struct pwconf { char rootdir[MAXPATHLEN]; char etcpath[MAXPATHLEN]; + char *newname; + char *config; + char *gecos; int fd; int rootfd; + int which; + bool quiet; + bool force; + bool all; + bool dryrun; + bool pretty; + bool v7; bool checkduplicate; + bool deletehome; + bool precrypted; + struct userconf *userconf; }; extern struct pwf PWF; @@ -29,12 +29,15 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> #include <sys/stat.h> - +#include <sys/param.h> +#include <unistd.h> #include <dirent.h> #include <fcntl.h> -#include <string.h> -#include <unistd.h> #include "pwupd.h" diff --git a/pw/strtounum.c b/pw/strtounum.c deleted file mode 100644 index b2fefeb..0000000 --- a/pw/strtounum.c +++ /dev/null @@ -1,72 +0,0 @@ -/*- - * Copyright (C) 2015 Baptiste Daroussin <bapt@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer - * in this position and unchanged. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <errno.h> -#include <inttypes.h> -#include <limits.h> -#include <stdlib.h> - -#include "pw.h" - -uintmax_t -strtounum(const char * __restrict np, uintmax_t minval, uintmax_t maxval, - const char ** __restrict errpp) -{ - char *endp; - uintmax_t ret; - - *errpp = NULL; - if (minval > maxval) { - errno = EINVAL; - if (errpp != NULL) - *errpp = "invalid"; - return (0); - } - errno = 0; - ret = strtoumax(np, &endp, 10); - if (endp == np || *endp != '\0') { - errno = EINVAL; - if (errpp != NULL) - *errpp = "invalid"; - return (0); - } - if (ret < minval) { - errno = ERANGE; - if (errpp != NULL) - *errpp = "too small"; - return (0); - } - if (errno == ERANGE || ret > maxval) { - errno = ERANGE; - if (errpp != NULL) - *errpp = "too large"; - return (0); - } - return (ret); -} |